Re: new netfilter target - DNETMAP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday 2011-01-07 00:02, Marek Kierdelewicz wrote:

>Hi,
>
>The DNETMAP target allows dynamic two-way 1:1 mapping of IPv4 subnets.
>Single rule can map private subnet to shorter public subnet creating
>and maintaining unambigeous private-public ip bindings. Second rule can
>be used to map new flows to private subnet according to maintained
>bindings. Target allows efficient public IPv4 space usage and
>unambigeous NAT at the same time.
>
>DNETMAP is available as patched xtables-addons-1.31 package and as a
>patch for xtables-addons-1.31 package.
>
>http://cat.piasta.pl/dnetmap/

Have you considered updating the NETMAP target inside the linux
kernel instead?

Your idea looks interesting in that I could envision it superseding
DNAT, SNAT and NETMAP altogether.


>Polite request to Jan Engelhardt for inclusion of the target into
>xtables-addons.

It would be nice if you could

 * resolve the inconsistencies in indentation. Specifically, use tabs to 
indent statements. If in doubt, use scripts/Lindent 
and scripts/checkpatch.pl from linux.

 * wrap lines at 80 cols in xt_DNETMAP.man 


Things I have noticed while spending a quick look:

The manpage mentions "If host 192.168.0.10 generates some traffic, it 
gets bound to first free IP in subnet - 20.0.0.0.". However,
20.0.0.0 can be a network address and thus lead to problems.
Is there a way for the user to specify that the range to use
should be 20.0.0.1-20.255.255.254 rather than 20.0.0.0-20.255.255.255?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux