NAT
>>>>> Pascal Hambourg <pascal.mail@plouf.fr.eu.org> writes:
>>>>> Ivan Shmakov wrote:
[...]
> Another example is when an interface gets a dynamic address and you
> want to create a DNAT rule that matches only on that address:
> iptables -t nat -A PREROUTING -d $PPP_LOCAL -p tcp --dport <port> \
> -j DNAT --to <server>:<port>
> You cannot do that with a static ruleset.

I'm not quite sure I'd like to do it with NAT, either. Not
that there's a lot of choice in this particular case.

Going slightly off-topic here, about half a year ago I had a
problem which I initially solved with DNAT. The problem was to
assign all of the hosts connected to one ``physical'' network
the IPs ``belonging'' to the other:

    Network #1     | 10.x.y.R    | Network #2
    10.x.y.z/23    +-- My host --+ any IP network possible here
    (Ethernet)     |             | (uml_switch)
                                 |
                                 +-- Host #1, 10.x.y.Z+1
                                 +-- Host #1, 10.x.y.Z+2
                                 |   ...
                                 +-- Host #1, 10.x.y.Z+n

... Subject to the following constraints:

* no hosts connected to the network to the left on the figure
  know that 10.x.y.R is actually a router;

* the range to be assigned, 10.x.y.Z+1 .. 10.x.y.Z+n, is not
  that of any subnet.

Somehow, I thought that DNAT would solve the problem in the most
straightforward way. I was wrong; it was proxy_arp that made
the day. (Yes, one may use a bridge, too, but since it wasn't a
requirement to allow for the traffic other than ARP and IP to
pass through, I've decided to spare it.)

Anyway, IPv4 seems to die slowly. The Internet Service Provider
I connect through from home, for example, offers a
gray-IP-plus-NAT access, which is barely the /Internet/ access
(should I call it ``WWW access'' instead? oh no, they have
BitTorrent in their advertisements, too) I need (no transport
level protocols other than TCP and UDP, thus, e. g., no PPTP,
though I'm not sure whether it's a drawback, no chance of ever
setting up a globally-accessible server or a SIP-based VoIP, no
6to4, nor even Teredo without a relay, add to it that this
particular NAT forgets about the connections after a few seconds
of no activity, etc.)

Fortunately, IPv6 has no NAT.

--
FSF associate member #7257
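
An added example, not part of the original message: one common Linux way to build the proxy_arp arrangement described above, assumed here to be IP forwarding, proxy_arp on both interfaces, and one /32 route per inner host so that a range which is not a subnet (and crosses an octet boundary inside the /23) still works. The interface names (eth0, tap0) and addresses are constructed; the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: plan a proxy-ARP setup for an address range that is
# not aligned to any subnet. Nothing is changed on the system; the
# commands are printed so they can be reviewed before being applied.

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# plan_proxy_arp OUTER INNER FIRST COUNT
#   OUTER  interface on the existing LAN (hypothetical: eth0)
#   INNER  interface the extra hosts sit behind (hypothetical: tap0)
#   FIRST  first address handed to an inner host
#   COUNT  number of consecutive addresses
plan_proxy_arp() {
    outer=$1 inner=$2 first=$3 count=$4
    base=$(ip2int "$first")
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Answer ARP on each side for addresses routed via the other side.
    echo "sysctl -w net.ipv4.conf.$outer.proxy_arp=1"
    echo "sysctl -w net.ipv4.conf.$inner.proxy_arp=1"
    i=0
    while [ "$i" -lt "$count" ]; do
        # A host route per address: no subnet mask has to fit the range.
        echo "ip route add $(int2ip $((base + i)))/32 dev $inner"
        i=$((i + 1))
    done
}

# Constructed sample: four hosts starting at 10.0.0.254 in 10.0.0.0/23.
plan_proxy_arp eth0 tap0 10.0.0.254 4
```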