NAPT with several IP addresses?

NAPT with several IP addresses?

[Emmanuel Guiton]

Hei!

I was looking at the Linux Netfilter Hacking HOWTO and at the source 
code in ip_nat_proto_tcp.c and I realized that doing NAPT with several 
ports is not supported, am I right?
I mean, in the HOWTO it's written "If IP_NAT_RANGE_PROTO_SPECIFIED isn't 
set, it means that the user is doing NAT, not NAPT". Well, we could also 
use a range of IP addresses and still perform NAPT, couldn't we? Still 
this possibility is not implemented, isn't it?

Anyway, that's just a remark to be sure that I'm not misunderstanding 
the code, nothing more.

            Emmanuel

Re: NAPT with several IP addresses?

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1389 bytes --]

On Fri, Nov 21, 2003 at 11:36:34AM +0200, Emmanuel Guiton wrote:
> Hei!
> 
> I was looking at the Linux Netfilter Hacking HOWTO and at the source 
> code in ip_nat_proto_tcp.c and I realized that doing NAPT with several 
> ports is not supported, am I right?

of course it is supported.

> I mean, in the HOWTO it's written "If IP_NAT_RANGE_PROTO_SPECIFIED isn't 
> set, it means that the user is doing NAT, not NAPT". Well, we could also 
> use a range of IP addresses and still perform NAPT, couldn't we? Still 
> this possibility is not implemented, isn't it?

I don't really understand what your point.  IP_NAT_RANGE_PROTO_SPECIFIED
just tells us if the give nat range has only a layer 3 (ip) range, or
also layer 4 (tcp/udp/...) range.  It doesn't tell you at all if you nat
to a single address or to multiple addresses.

A nat mapping is internally always represented as a nat range.  Even if
the range has only the size of one (i.e. a single ip address or port).

>            Emmanuel

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: NAPT with several IP addresses?

[Emmanuel Guiton]

Sorry, my mistake, you can forget about my comment.
I'm not yet familiar with the whole code and I misunderstood the meaning 
of  IP_NAT_RANGE_PROTO_SPECIFIED.

Thanks,
              Emmanuel


Harald Welte wrote:

>On Fri, Nov 21, 2003 at 11:36:34AM +0200, Emmanuel Guiton wrote:
>  
>
>>Hei!
>>
>>I was looking at the Linux Netfilter Hacking HOWTO and at the source 
>>code in ip_nat_proto_tcp.c and I realized that doing NAPT with several 
>>ports is not supported, am I right?
>>    
>>
>
>of course it is supported.
>
>  
>
>>I mean, in the HOWTO it's written "If IP_NAT_RANGE_PROTO_SPECIFIED isn't 
>>set, it means that the user is doing NAT, not NAPT". Well, we could also 
>>use a range of IP addresses and still perform NAPT, couldn't we? Still 
>>this possibility is not implemented, isn't it?
>>    
>>
>
>I don't really understand what your point.  IP_NAT_RANGE_PROTO_SPECIFIED
>just tells us if the give nat range has only a layer 3 (ip) range, or
>also layer 4 (tcp/udp/...) range.  It doesn't tell you at all if you nat
>to a single address or to multiple addresses.
>
>A nat mapping is internally always represented as a nat range.  Even if
>the range has only the size of one (i.e. a single ip address or port).
>
>  
>
>>           Emmanuel
>>    
>>
>
>  
>