* NAT pool
@ 2012-12-18 22:32 Miguel Alejandro González
2012-12-18 22:58 ` Jan Engelhardt
0 siblings, 1 reply; 5+ messages in thread
From: Miguel Alejandro González @ 2012-12-18 22:32 UTC (permalink / raw)
To: netfilter-devel
Hello
I was wondering how the pool of ipv4 addresses works in netfilter. I
know you can configure a range or subnet from iptables when you are
configuring NAT.I was reading some NAT code from the kernel, but I
think it just checks if the packet's address is in the range
specified.
I guess my main question is, if there is a ipv4 pool implementation in
netfilter. If so, can it be used by other modules?
Regards
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: NAT pool
2012-12-18 22:32 NAT pool Miguel Alejandro González
@ 2012-12-18 22:58 ` Jan Engelhardt
2012-12-19 1:53 ` Miguel Alejandro González
0 siblings, 1 reply; 5+ messages in thread
From: Jan Engelhardt @ 2012-12-18 22:58 UTC (permalink / raw)
To: Miguel Alejandro González; +Cc: netfilter-devel
On Tuesday 2012-12-18 23:32, Miguel Alejandro González wrote:
>I was wondering how the pool of ipv4 addresses works in netfilter. I
>know you can configure a range or subnet from iptables when you are
>configuring NAT.I was reading some NAT code from the kernel, but I
>think it just checks if the packet's address is in the range
>specified.
get_unique_tuple() makes sure they don't overlap.
>I guess my main question is, if there is a ipv4 pool implementation in
>netfilter. If so, can it be used by other modules?
As much as other modules are already using it.
The question should not be whether it can be used, but whether it can be
used for what.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: NAT pool
2012-12-18 22:58 ` Jan Engelhardt
@ 2012-12-19 1:53 ` Miguel Alejandro González
2012-12-19 9:45 ` Pablo Neira Ayuso
0 siblings, 1 reply; 5+ messages in thread
From: Miguel Alejandro González @ 2012-12-19 1:53 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
Cool, well I want to use it for a NAT64 module where are developing...
right now we have a pool developed from scratch. It would have to
handle a ip range and protocol range... but I think the implementation
you guys have already does this.
I guess the file I have to include is:
Linux/include/uapi/linux/netfilter/nf_nat.h
Would you care to explain how can I use it or what codes should I read
to see how it works...
Regards!
On Tue, Dec 18, 2012 at 4:58 PM, Jan Engelhardt <jengelh@inai.de> wrote:
> On Tuesday 2012-12-18 23:32, Miguel Alejandro González wrote:
>
>>I was wondering how the pool of ipv4 addresses works in netfilter. I
>>know you can configure a range or subnet from iptables when you are
>>configuring NAT.I was reading some NAT code from the kernel, but I
>>think it just checks if the packet's address is in the range
>>specified.
>
> get_unique_tuple() makes sure they don't overlap.
>
>>I guess my main question is, if there is a ipv4 pool implementation in
>>netfilter. If so, can it be used by other modules?
>
> As much as other modules are already using it.
> The question should not be whether it can be used, but whether it can be
> used for what.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: NAT pool
2012-12-19 1:53 ` Miguel Alejandro González
@ 2012-12-19 9:45 ` Pablo Neira Ayuso
0 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2012-12-19 9:45 UTC (permalink / raw)
To: Miguel Alejandro González; +Cc: Jan Engelhardt, netfilter-devel
On Tue, Dec 18, 2012 at 07:53:46PM -0600, Miguel Alejandro González wrote:
> Cool, well I want to use it for a NAT64 module where are developing...
> right now we have a pool developed from scratch. It would have to
> handle a ip range and protocol range... but I think the implementation
> you guys have already does this.
Yes, you should use the conntrack and nat subsystems for that.
I discussed this with Patrick recently. The main problem is that
you're going to find code that uses ct->hashtuple[ORIG].l3num. You
should start by changing that is an initial patch, then the follow-up
patch to add the NAT64 feature.
Regards.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* NAT Pool
@ 2016-02-23 18:09 Travis Garrison
0 siblings, 0 replies; 5+ messages in thread
From: Travis Garrison @ 2016-02-23 18:09 UTC (permalink / raw)
To: netfilter
I am working on setting up a new router for our network and im trying to figure out the NAT rules. We have several VLANs that we need to enable PAT on. The issue comes from that we have several public IP addresses that we would like to use in the PAT pool. How would we be able to go about this. We are not doing anything special like port forwarding or redirection.
Internal IP addresses:
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24
192.168.5.0/24
192.168.6.0/24
192.168.7.0/24
....we have around 150 networks, using the 192, 172 and 10 ranges
Public IP ranges:
x.x.252.0/24
x.x.254.0/24
x.x.173.0/24
We are currently using a Cisco FWSM with a few PAT IP's setup but the issue is it will use 1:1 NAT until all Public IPs are used the PAT the rest to a single IP address. We would like to PAT to all addresses in a round-robin fashion.
Thank you
Travis Garrison
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-02-23 18:09 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-12-18 22:32 NAT pool Miguel Alejandro González
2012-12-18 22:58 ` Jan Engelhardt
2012-12-19 1:53 ` Miguel Alejandro González
2012-12-19 9:45 ` Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2016-02-23 18:09 NAT Pool Travis Garrison
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.