Has anyone ever gotten NAT installed on SuSE, can anyone give me some pointers? -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Wed, 22 Dec 1999, Sam Carleton wrote:
Has anyone ever gotten NAT installed on SuSE, can anyone give me some pointers?
What are you using for NAT? SuSE ships all of the modules and administration tools for IP Masquerading, but I've never seen NAT before. -- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | http://www.atipa.com /\\ Kansas City, MO, USA | 816-241-2641 _\_V -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Wed, 22 Dec 1999, Jon Pennington wrote:
On Wed, 22 Dec 1999, Sam Carleton wrote:
Has anyone ever gotten NAT installed on SuSE, can anyone give me some pointers?
What are you using for NAT? SuSE ships all of the modules and administration tools for IP Masquerading, but I've never seen NAT before.
What do you mean by "NAT"? See http://www.suse.de/~mha/linux-ip-nat/diplom/nat.html -- Michael Hasenstein http://www.suse.de/~mha/ Private Pilot (ASEL) since 1998 -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Not sure if this has been aswered yet: NAT is the new paradigm for IP Masquerading in the latest kernel (2.3.34>). It will be the replacement of IP Chains in the 2.4 kernel when it is released. NAT is short for Network Address Translation. Currently it *only* works with 2.3 kernels. So the stock kernel for Suse will not work. I am working on getting it to work, but so far have been only moderately successful. Steve On 22-Dec-99 Jon Pennington wrote:
On Wed, 22 Dec 1999, Sam Carleton wrote:
Has anyone ever gotten NAT installed on SuSE, can anyone give me some pointers?
What are you using for NAT? SuSE ships all of the modules and administration tools for IP Masquerading, but I've never seen NAT before.
-- -=|JP|=- Jon Pennington | Atipa Linux Solutions -o) jpennington@atipa.com | http://www.atipa.com /\\ Kansas City, MO, USA | 816-241-2641 _\_V
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Clarity is pleasurable. Linux ID: 24951 -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Wed, 29 Dec 1999, Steve Jardine wrote:
Not sure if this has been aswered yet: NAT is the new paradigm for IP Masquerading in the latest kernel (2.3.34>). It will be the replacement of IP Chains in the 2.4 kernel when it is released.
NAT is short for Network Address Translation. Currently it *only* works with 2.3 kernels. So the stock kernel for Suse will not work.
What you mean is called 'netfilter', which implements, among other things, a framework for NAT, where misc. NAT modules (n:1 translation is widely known as 'masquerading') can be plugged in. Netfilter is _not_ just a replacement for the masquerading code, and it is a framework for many things, not just NAT. -- Michael Hasenstein http://www.suse.de/~mha/ Private Pilot (ASEL) since 1998 -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
As has been mentioned by a few, masquerading (N computers to 1 IP) is by *no* means all that the the new linux NAT code can do. When I say NAT, I do not mean Cisco, or anyone other than the NAT defined in the Netfilter documentation on the Netfilter website. Look at : http://www.samba.org/~netfilter/ However, what I stated is fundamentally (albeit incomplete) correct. IP Masquerading ala ipfwadm, or IP Chains will be dropped in kernel version 2.4 (so I am told) for using the NAT module for masquerading. I apologize for the confusion. Steve On 29-Dec-99 Michael Hasenstein wrote:
On Wed, 29 Dec 1999, Steve Jardine wrote:
Not sure if this has been aswered yet: NAT is the new paradigm for IP Masquerading in the latest kernel (2.3.34>). It will be the replacement of IP Chains in the 2.4 kernel when it is released.
NAT is short for Network Address Translation. Currently it *only* works with 2.3 kernels. So the stock kernel for Suse will not work.
What you mean is called 'netfilter', which implements, among other things, a framework for NAT, where misc. NAT modules (n:1 translation is widely known as 'masquerading') can be plugged in.
Netfilter is _not_ just a replacement for the masquerading code, and it is a framework for many things, not just NAT.
-- Michael Hasenstein http://www.suse.de/~mha/ Private Pilot (ASEL) since 1998
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Clarity is pleasurable. Linux ID: 24951 -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Steve Jardine wrote:
NAT is short for Network Address Translation. Currently it *only* works with 2.3 kernels. So the stock kernel for Suse will not work.
Where did you hear that it will be in the 2.4 kernel?
Not sure if this has been aswered yet: NAT is the new paradigm for IP Masquerading in the latest kernel (2.3.34>).
Are you saying that NAT and IP Masquerading are one in the same? From my understanding they are anything but the same. I know that IP Masquerading is designed where you have many computers going thought one box that is doing the IP Masquerading. The the Masquerading box makes everyone else look like itself to the computers on the internet.
From my understanding, NAT works like this: For every computer you want to have on the Internet at one time, you have to have a valid Internet IP address. Here where I work, we use to have about 30 valid Internet IP's and about 40 employees. As soon 30 folks where on the web, eveyone else was unable to access the web. The NAT server translates our internal 10.x.x.x to one of the thirty valid Internet address. This is very different from IP Masquerading.
I have heard the consept of IP Masquerading, many boxes going through one IP, refered to as NAT+ with Netgear ISDN/Modem routers, and PAT from a Cisco PIX firewall. I believe they all refer the the same thing. If someone knows. Sam -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Wed, 29 Dec 1999, Sam Carleton wrote: ... (a lot) ... See here: http://www.suse.de/~mha/linux-ip-nat/diplom/nat.html This document is also mentioned in the kernel documentation, as source for any info on NAT (in Documentation/Configure.help, with it's old URL, the above is the current location). -- Michael Hasenstein http://www.suse.de/~mha/ Private Pilot (ASEL) since 1998 -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Wed, 29 Dec 1999, you wrote:
Steve Jardine wrote:
NAT is short for Network Address Translation. Currently it *only* works with 2.3 kernels. So the stock kernel for Suse will not work.
Where did you hear that it will be in the 2.4 kernel?
Not sure if this has been aswered yet: NAT is the new paradigm for IP Masquerading in the latest kernel (2.3.34>).
Are you saying that NAT and IP Masquerading are one in the same? From my understanding they are anything but the same. I know that IP Masquerading is designed where you have many computers going thought one box that is doing the IP Masquerading. The the Masquerading box makes everyone else look like itself to the computers on the internet.
From my understanding, NAT works like this: For every computer you want to have on the Internet at one time, you have to have a valid Internet IP address. Here where I work, we use to have about 30 valid Internet IP's and about 40 employees. As soon 30 folks where on the web, eveyone else was unable to access the web. The NAT server translates our internal 10.x.x.x to one of the thirty valid Internet address. This is very different from IP Masquerading.
I have heard the consept of IP Masquerading, many boxes going through one IP, refered to as NAT+ with Netgear ISDN/Modem routers, and PAT from a Cisco PIX firewall. I believe they all refer the the same thing. If someone knows.
Sam
You are right as far as I know. I haven't read the full RFC on NAT so I can't speak for the definition, but in the form that Cisco implements it you are correct. We use Cisco products here at our company also and it does just as you suggest translating private numbering into a range of valid IPs - not hiding all machines behind one IP. I also have to qualify that though. I did not set up our routing personally so I don't know what all our options may have been. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Darren R. Weber drw@linuxfan.com ICQ# 2849193 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
"Darren R. Weber" wrote:
On Wed, 29 Dec 1999, you wrote:
Steve Jardine wrote: <snip> I have heard the consept of IP Masquerading, many boxes going through one IP, refered to as NAT+ with Netgear ISDN/Modem routers, and PAT from a Cisco PIX firewall. I believe they all refer the the same thing. If someone knows.
Sam
You are right as far as I know. I haven't read the full RFC on NAT so I can't speak for the definition, but in the form that Cisco implements it you are correct. We use Cisco products here at our company also and it does just as you suggest translating private numbering into a range of valid IPs - not hiding all machines behind one IP. I also have to qualify that though. I did not set up our routing personally so I don't know what all our options may have been.
Steve mentioned PAT (Port address translation) which is not just a PIX option, but available in the router IOS also. It's true that PAT is a closer fit with the Limux concept of IP Masquerading, but Cisco's perspective is that PAT is a sub-set (conceptually) of NAT. Which makes sense - In general you are doing address translation, what differs is whether it's one-to-one or many-to-one/one-to-many. So everybody is kinda rightish!! Sean PS I must be feeling very seasonal - defining a Cisco concept when I, professionally speaking, regard them as the arch-enemy!! You don't know what I mean? Well, you know how Linux folk feel about Microsoft? Well, many Nortel Networks folk feel the same way about Cisco!!! ;-)) -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (6)
-
activex1@one.net -
jpennington@atipa.com -
mha@suse.de -
sgroarke@nortelnetworks.com -
temp@iname.com -
weberdr@bellsouth.net