Re: 2.6.19.2, cp 18gb_file 18gb_file.2 = OOM killer, 100% reproducible

[thunder7@xs4all.nl]

From: Justin Piszcz <jpiszcz@lucidpixels.com>
Date: Sun, Jan 21, 2007 at 11:48:07AM -0500
> 
> What about all of the changes with NAT?  I see that it operates on 
> level-3/network wise, I enabled that and backward compatiblity support as 
> well, but when my iptables rules kick in, it says no such driver/etc for 
> `nat'-- is there a new target for iptables now or did I miss a kernel 
> option?
> 

Well, I'm typing this on my laptop, connected via my main server to the
internet, using SNAT, according to the firehol manpage. The main server
runs 2.6.20-rc5, and somewhere in my 2.6.20-rc5 .config, there is

CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_NF_NAT_SIP=m

and my firewall's manpage says:

FIREHOL.CONF(5)       User Contributed Perl Documentation      FIREHOL.CONF(5)


       masquerade [reverse | interface] [optional rule parameters]

         Masquerading is a special from of SNAT (Source NAT) that changes the
         source of requests when they go out and replaces their original
         source when replies come in. This way a Linux box can become an
         internet router for a LAN of clients having unroutable IP addresses.
         Masquerading takes care to re-map IP addresses and ports as required.

         Masquerading is "expensive" compared to SNAT because it checks the IP
         address of the ougoing interface every time for every packet, and
         therefore it is suggested that if you connect to the internet with a
         static IP address, to prefer SNAT.

while my /etc/firehol/firehol.conf has a part in it like this:

#
# route access from the clients to the internet
#
router internet2network inface adsl outface switch
	masquerade reverse
	client all accept

All in all, NAT is working for me with 2.6.20-rc5. I do remember I had
to reselect all the netfilter modules in menuconfig.

Good luck,
Jurriaan
-- 
> What does ELF stand for (in respect to Linux?)
ELF is the first rock group that Ronnie James Dio performed with back in 
the early 1970's.  In constrast, a.out is a misspelling	 of the French word 
for the month of August.  What the two have in common is beyond me, but 
Linux users seem to use the two words together.
	seen on c.o.l.misc
Debian (Unstable) GNU/Linux 2.6.20-rc5 2x2011 bogomips load 0.83
the Jack Vance Integral Edition: http://www.integralarchive.org