Re: NAT and Masquerading
Suppose you manage a class C net with private addresses
that connects to the Internet through some NAT gateway.
If everyone goes to the Internet with only one address of
the gateway, that's IP Masquerading, also referred to
as Network Address and Port Translation (NAPT).

Now suppose that not all 254 hosts of your private net
need to access the Internet simultaneously and, on the other
side, you have the possibility to use more than one externally
visible IP address. Each time a request is made from a
host on the private network, the NAT router chooses an
external IP address that is currently unused, and then
performs the translation. This type of situation is only
possible when the number of concurrent requests to the
external network is equal to or less than the number of
external IP addresses on the NAT router. That's what is called
dynamic NAT.

Now suppose that a few of the hosts on your private net need to
be accessed from the Internet - not only one WWW and one
FTP, so you couldn't use the port mapping and redirection
technique, but some more hosts providing the same service.
In my case that's about 10 hosts that need to be accessed on
tcp port 23. In this case I would prefer to link them statically
to some virtual addresses on the public net. That's what static
NAT does and what was implemented for Linux by the patch
I mentioned in my previous email.
http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html

What I need is to combine both these techniques - one
of the dynamic techniques (preferably IP Masq) and the static one.
Best Regards
Shimon Lisyansky
-----Original Message-----
From: Ira Abramov - Scalable Solutions <ira-lists-linux@scso.com>
To: shimonl@elscintcorp.co.il <shimonl@elscintcorp.co.il>
Cc: linux-il@cs.huji.ac.il <linux-il@cs.huji.ac.il>
Date: Thursday, March 11, 1999 5:14 AM
Subject: Re: NAT and Masquerading
>Today, Semion Lisyansky blurbed:
>
>
>> >NAT and IP Masquerading is the same thing.
>>
>> When I said NAT I meant the static NAT. I use IP NAT patch
>> originally written by Michael Hassenstein for kernels 2.0.x
>> and then ported to later kernel versions. IP Masquerading
>> implements the dynamic NAT only.
>
>I'm sorry... ate too much cottage cheese this week or something... too
>much Calcium in my brain's arteries... what exactly is dynamic
>Masquerading? are you referring to the extra masq kernel modules to
>help FTP and friends?
>
>in any case, AFAIK there is no need for any extra code beyond what comes
>with the kernel. use ipchains to config filtering and ipmasqadm (I
>think) for masqing rules. I have no idea what the patch you mentioned
>does, or what's special about your setup. please enlighten us.
>
>--
>Ira Abramov ; whois:IA58 ; www.scso.com ; all around Linux enthusiast
>The human mind ordinarily operates at only ten percent of its capacity
>-- the rest is overhead for the operating system.
>
>
>
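
Added example, not part of the original thread and not the kernel patch's code: a simplified Python model of the combination asked for above, with static one-to-one NAT for the hosts that must accept inbound telnet and masquerading (NAPT) for everyone else. All addresses, the starting port and the `Gateway` class are assumptions made for illustration; a real masquerading table also tracks the remote endpoint of each flow.

```python
# Toy translation table only; it shows which inbound packets each mode
# forwards. Addresses are constructed (RFC 1918 and RFC 5737 ranges).
from itertools import count

class Gateway:
    def __init__(self, masq_ip, static_map, first_port=61000):
        self.masq_ip = masq_ip
        self.static_out = dict(static_map)            # private -> public, 1:1
        self.static_in = {pub: priv for priv, pub in static_map.items()}
        self.ports = count(first_port)                # next free masq port
        self.out = {}    # (private ip, private port) -> masq port
        self.back = {}   # masq port -> (private ip, private port)

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the private net."""
        if src_ip in self.static_out:                 # static NAT: address only
            return self.static_out[src_ip], src_port
        key = (src_ip, src_port)
        if key not in self.out:                       # NAPT: allocate a port
            port = next(self.ports)
            self.out[key] = port
            self.back[port] = key
        return self.masq_ip, self.out[key]

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet arriving from outside.
        Returns None when no mapping exists, so nothing is forwarded."""
        if dst_ip in self.static_in:                  # reachable at any time
            return self.static_in[dst_ip], dst_port
        if dst_ip == self.masq_ip:                    # replies to known flows only
            return self.back.get(dst_port)
        return None

def demo():
    gw = Gateway("203.0.113.1", {"192.168.1.10": "203.0.113.10",
                                 "192.168.1.11": "203.0.113.11"})
    return {
        "telnet_in_static": gw.inbound("203.0.113.10", 23),
        "telnet_in_masq_unsolicited": gw.inbound("203.0.113.1", 23),
        "client_out": gw.outbound("192.168.1.50", 1025),
        "reply_in": gw.inbound("203.0.113.1", 61000),
        "static_host_out": gw.outbound("192.168.1.10", 1030),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The statically mapped hosts accept new connections from outside on every port, so they need their own filtering rules; the masqueraded hosts only receive packets that match a port the gateway already allocated.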