Netfilter, Fast NAT and routing policies

From: sampsa@staff.netsonic.fi
Date: Thu Feb 10 2000 - 11:18:30 EST


 Hello, I am using 2.3.40 kernel and doing nat with both fast nat code
and netfilter (yes, not a best possible idea, but I need dynamic and static
NAT same time). The netfilter static mapping doesn't work, so I decided to
use the fast nat code as it provides good static NAT.

 But now I am heading to troubles with it, too.

 I start the static NAT with following commands:

/sbin/ip rule add prio 320 from 10.110.27.66 nat 192.168.1.1
/sbin/ip route add nat 192.168.1.1 via 10.110.27.66

[root@nat helper]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: sendto: Invalid argument
ping: wrote 62.236.101.150 64 chars, ret=-1

 Second thing is that I have subnets under 10.0.0.0/8 supernet, and as
these are routed to the NAT gw, they are not supposed to access eachother
with the original 10.0.0.0-based addresses. So I would need to use policy
routing and NAT source & destination address at same time, but NAT rules
always seem to go to local routing table, and don't work outside.
 
 So, how could I use policy routing & NAT at same time? Doesn't work with
netfilter nor with fast routing. Nor can I do NAT for both source &
destination at same time. Any way to go around this problem?

 - Sampsa Ranta
   sampsa@netsonic.fi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:17 EST