Re: Route Nat dead. Does anybody going to support it?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Monday 22 November 2004 13:44, Martijn van Oosterhout wrote:
> On Mon, Nov 22, 2004 at 12:50:27PM +0300, Peter Volkov Alexandrovich wrote:
> > On Monday 22 November 2004 11:59, you wrote:
> > > What virtual interfaces?
> >
> > Yes. I think it's a bit excessive to use ip utitlity to add additional
> > address to interface and then to use iptables to make DNAT and SNAT to
> > map LAN's ip address on external internet's ip address.
>
> You've lost me. What does SNAT/DNAT have to do with virtual addresses?
> Can you give an example.

Sorry. My english is not perfect or may be I misunderstood term. In any case 
I'll try to explain what I mean.

I have router with eth0 looking to provider/internet and eth1 into my LAN. As 
most of my users do not need direct or real IP address in internet I use 
172.16.0.0/16 addresses in LAN and masquerade them.

<internet>-----------------eth0<router>eth1-------------<LAN>
          xxx.xxx.xxx.96/28                172.16.0.0/16

Now. Some of them need real IP and they also want to be in the same subnet as 
others. What can I do? I can bind second address on my router (e.g. ip add 
add xxx.xxx.xxx.98/28 brd + dev eth0). Then the packets sent to real IP 
address xxx.xxx.xxx.98/28 to be DNAT'ed on user's LAN IP and when user send 
packets to internet they are SNAT'ed to his real IP (xxx.xxx.xxx.98/28).

Why term virtual address? Well. With ifconfig I have to add "virtual 
interface". I could not to add second address. So I called this kind of 
binding of new address --- virtual address. May be wrong term. I don't know.

> The whole point of NAT is to reuse existing addresses.

That is true.

-- 

______________________________________

Volkov Peter, <pvolkov@xxxxxxxxxxx>
Moscow State University, Phys. Dep.
______________________________________

NO ePATENTS, eSIGN now on:
http://petition.eurolinux.org
and maybe this helps...

Linux 2.4.26-gentoo-r9 i686
Mobile Intel(R) Celeron(R) CPU 1.60GHz
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux