RE: Linux NAT questions- (kernel upgrade??)

RE: Linux NAT questions- (kernel upgrade??)

[Sim, CT (Chee Tong)]

Hi.. I follow your instruction, but I encounter this issue, my kernel need
to be upgrade? MAy I know how to determine the current kernel version and
how to upgrade it?? 


[root@guava /root]# iptables -t nat -A PREROUTING -p tcp --dst 1.1.1.160 -i
eth1 -j D
NAT --to-destination 192.168.200.2
iptables v1.1.1: can't initialize iptables table `nat': iptables who? (do
you need to insm
od?)
Perhaps iptables or your kernel needs to be upgraded.


[root@guava simc]# rpm -ivh iptables-1_2_0-6_i386.rpm
error: failed dependencies:
        kernel >= 2.4.0 is needed by iptables-1.2.0-6


-----Original Message-----
From: Michel Wilson [mailto:michel@procyon14.yi.org]
Sent: Wednesday, May 02, 2001 5:13 PM
To: Sim, CT (Chee Tong)
Cc: linux-kernel@vger.kernel.org
Subject: RE: Linux NAT questions


> what I am trying to do is this. I have a genuine network, say 1.1.1.x, and
> my Linux host is on it, as 1.1.1.252 (eth0). I also have a second
> network at
> the back of the Linux box, 192.168.200.x, and a web server on
> that network,
> 192.168.200.2. The Linux address is 192.168.200.1 on eth1.
>
> What I want to do is make the web server appear on the 1.1.1.x network as
> 1.1.1.160. I have done this before with Firewall-1 on NT, by
> putting an arp
> entry for 1.1.1.160 to point to the Linux machine eth0. The packets get
> redirected into the Linux machine, then translated, and then routed out of
> eth1.
>
> The benefit is that there is no routing change to the 1.1.1.x network, and
> the Linux box isn't even seen as a router.
>
> I would appreciate any help with this. Any command to do this?
>
> Chee Tong
This isn't really a kernel question. I think you'd better ask it on some
linux network list/newsgroup. But here's an answer anyway....

You could add 1.1.1.160 to eth0:
   ip addr add 1.1.1.160 dev eth0
and then use NAT to redirect these to the webserver:
   iptables -t nat -A PREROUTING -p tcp --dst 1.1.1.160 -i eth1 -j
DNAT --to-destination 192.168.200.2

This should work, AFAIK, but i didn't try it myself. You could also try to
use the arp command (see 'man arp'), but i don't know exactly how that
works.

Good luck!

Michel Wilson.


==================================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
==================================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.


==================================================================

RE: Linux NAT questions- (kernel upgrade??)

[Michel Wilson]

> Hi.. I follow your instruction, but I encounter this issue, my kernel need
> to be upgrade? MAy I know how to determine the current kernel version and
> how to upgrade it??

You can see the current kernel version by doing uname -a. It is also shown
at boot time.

>
>
> [root@guava /root]# iptables -t nat -A PREROUTING -p tcp --dst
> 1.1.1.160 -i
> eth1 -j D
> NAT --to-destination 192.168.200.2
> iptables v1.1.1: can't initialize iptables table `nat': iptables who? (do
> you need to insm
> od?)
> Perhaps iptables or your kernel needs to be upgraded.
>
>
> [root@guava simc]# rpm -ivh iptables-1_2_0-6_i386.rpm
> error: failed dependencies:
>         kernel >= 2.4.0 is needed by iptables-1.2.0-6
For iptables you'll need kernel >= 2.4.0, as stated. I don't know if RedHat
has a precompiled rpm somewhere (i don't use RedHat) but i would think so.
You might ask your local RedHat guru ;-).
Other options are:
- build your own 2.4.x (see Kernel-HOWTO, if it's not too outdated)
- use ipchains.

I don't know ipchains enough to tell you how to do it, i don't even know if
it's possible.... But
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO-6.html#ss6.8 may be of
interest to you.

Greetings,

Michel Wilson.

RE: Linux NAT questions- (kernel upgrade??)

[Feng Xian]

i think iptables is a new feature in kernel 2.4.x(and you have to build
it in the kernel or as module). you can use ipchains if
you are running kernel with lower version, 2.2.something.

Alex

On Wed, 2 May 2001, Sim, CT (Chee Tong) wrote:

> Hi.. I follow your instruction, but I encounter this issue, my kernel need
> to be upgrade? MAy I know how to determine the current kernel version and
> how to upgrade it??
>
>
> [root@guava /root]# iptables -t nat -A PREROUTING -p tcp --dst 1.1.1.160 -i
> eth1 -j D
> NAT --to-destination 192.168.200.2
> iptables v1.1.1: can't initialize iptables table `nat': iptables who? (do
> you need to insm
> od?)
> Perhaps iptables or your kernel needs to be upgraded.
>
>
> [root@guava simc]# rpm -ivh iptables-1_2_0-6_i386.rpm
> error: failed dependencies:
>         kernel >= 2.4.0 is needed by iptables-1.2.0-6
>
>
> -----Original Message-----
> From: Michel Wilson [mailto:michel@procyon14.yi.org]
> Sent: Wednesday, May 02, 2001 5:13 PM
> To: Sim, CT (Chee Tong)
> Cc: linux-kernel@vger.kernel.org
> Subject: RE: Linux NAT questions
>
>
> > what I am trying to do is this. I have a genuine network, say 1.1.1.x, and
> > my Linux host is on it, as 1.1.1.252 (eth0). I also have a second
> > network at
> > the back of the Linux box, 192.168.200.x, and a web server on
> > that network,
> > 192.168.200.2. The Linux address is 192.168.200.1 on eth1.
> >
> > What I want to do is make the web server appear on the 1.1.1.x network as
> > 1.1.1.160. I have done this before with Firewall-1 on NT, by
> > putting an arp
> > entry for 1.1.1.160 to point to the Linux machine eth0. The packets get
> > redirected into the Linux machine, then translated, and then routed out of
> > eth1.
> >
> > The benefit is that there is no routing change to the 1.1.1.x network, and
> > the Linux box isn't even seen as a router.
> >
> > I would appreciate any help with this. Any command to do this?
> >
> > Chee Tong
> This isn't really a kernel question. I think you'd better ask it on some
> linux network list/newsgroup. But here's an answer anyway....
>
> You could add 1.1.1.160 to eth0:
>    ip addr add 1.1.1.160 dev eth0
> and then use NAT to redirect these to the webserver:
>    iptables -t nat -A PREROUTING -p tcp --dst 1.1.1.160 -i eth1 -j
> DNAT --to-destination 192.168.200.2
>
> This should work, AFAIK, but i didn't try it myself. You could also try to
> use the arp command (see 'man arp'), but i don't know exactly how that
> works.
>
> Good luck!
>
> Michel Wilson.
>
>
> ==================================================================
> De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
> is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
> onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
> de afzender direct te informeren door het bericht te retourneren.
> ==================================================================
> The information contained in this message may be confidential
> and is intended to be exclusively for the addressee. Should you
> receive this message unintentionally, please do not use the contents
> herein and notify the sender immediately by return e-mail.
>
>
> ==================================================================
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>

-- 
        Feng Xian
   _o)     .~.      (o_
   /\\     /V\      //\
  _\_V    // \\     V_/_
         /(   )\
          ^^-^^
           ALEX

Re: Linux NAT questions- (kernel upgrade??)

[Russell King]

On Wed, May 02, 2001 at 08:22:54AM -0400, Feng Xian wrote:
> i think iptables is a new feature in kernel 2.4.x(and you have to build
> it in the kernel or as module). you can use ipchains if
> you are running kernel with lower version, 2.2.something.

I think you'll find that 2.4 is compatible with ipchains, as long as
you load the relevent module/configure the kernel right.

--
Russell King (rmk@arm.linux.org.uk)                The developer of ARM Linux
             http://www.arm.linux.org.uk/personal/aboutme.html

Re: Linux NAT questions- (kernel upgrade??)

[Vivek Dasmohapatra]

On Wed, 2 May 2001, Russell King wrote:

> On Wed, May 02, 2001 at 08:22:54AM -0400, Feng Xian wrote:
> > i think iptables is a new feature in kernel 2.4.x(and you have to build
> > it in the kernel or as module). you can use ipchains if
> > you are running kernel with lower version, 2.2.something.
> 
> I think you'll find that 2.4 is compatible with ipchains, as long as
> you load the relevent module/configure the kernel right.

Which doesn't appear to be the problem, as the guy seems to be running 2.2
or at least 2.4 w/o iptables.

-- 
"Aren't you ashamed of yourself?"
"No, I have people to do that for me."

[OT] Re: Linux NAT questions- (kernel upgrade??)

[J Sloan]

"Sim, CT (Chee Tong)" schrieb:

> Hi.. I follow your instruction, but I encounter this issue, my kernel need
> to be upgrade? MAy I know how to determine the current kernel version

uname -a

> and
> how to upgrade it??

Either upgrade to a distro that includes the new kernel
(e.g. latest SuSE or Red Hat) or download kernel source
and compile. It might be helpful to provide the distribution
and version you are using (Red Hat 6.2, Slackware 7,
Debian Potato, etc)

> [root@guava /root]# iptables -t nat -A PREROUTING -p tcp --dst 1.1.1.160 -i
> eth1 -j D
> NAT --to-destination 192.168.200.2
> iptables v1.1.1: can't initialize iptables table `nat': iptables who? (do
> you need to insm
> od?)
> Perhaps iptables or your kernel needs to be upgraded.
>
> [root@guava simc]# rpm -ivh iptables-1_2_0-6_i386.rpm
> error: failed dependencies:
>         kernel >= 2.4.0 is needed by iptables-1.2.0-6

Yes, of course iptables won't work with the old kernel.
If you want to stay with the old kernel, you must use
ipchains instead.

cu

Jup

RE: [OT] Re: Linux NAT questions- (kernel upgrade??)

[Sim, CT (Chee Tong)]

I am using the Red Hat 7,  below are my kernel version.  I feel Red Hat 7 is
quite new, although RH 7.1 has just come out.  How come it still say that my
kernel version is old.

[root@guava simc]# uname -a
Linux guava 2.2.16-22 #1 Tue Aug 22 16:16:55 EDT 2000 i586 unknown
[root@guava simc]#

-----Original Message-----
From: J Sloan [mailto:jjs@toyota.com]
Sent: Thursday, May 03, 2001 1:24 AM
To: Sim, CT (Chee Tong)
Cc: Linux kernel
Subject: [OT] Re: Linux NAT questions- (kernel upgrade??)


"Sim, CT (Chee Tong)" schrieb:

> Hi.. I follow your instruction, but I encounter this issue, my kernel need
> to be upgrade? MAy I know how to determine the current kernel version

uname -a

> and
> how to upgrade it??

Either upgrade to a distro that includes the new kernel
(e.g. latest SuSE or Red Hat) or download kernel source
and compile. It might be helpful to provide the distribution
and version you are using (Red Hat 6.2, Slackware 7,
Debian Potato, etc)

> [root@guava /root]# iptables -t nat -A PREROUTING -p tcp --dst 1.1.1.160
-i
> eth1 -j D
> NAT --to-destination 192.168.200.2
> iptables v1.1.1: can't initialize iptables table `nat': iptables who? (do
> you need to insm
> od?)
> Perhaps iptables or your kernel needs to be upgraded.
>
> [root@guava simc]# rpm -ivh iptables-1_2_0-6_i386.rpm
> error: failed dependencies:
>         kernel >= 2.4.0 is needed by iptables-1.2.0-6

Yes, of course iptables won't work with the old kernel.
If you want to stay with the old kernel, you must use
ipchains instead.

cu

Jup


==================================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
==================================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.


==================================================================

Re: [OT] Re: Linux NAT questions- (kernel upgrade??)

[J Sloan]

"Sim, CT (Chee Tong)" schrieb:

> I am using the Red Hat 7,  below are my kernel version.  I feel Red Hat 7 is
> quite new, although RH 7.1 has just come out.  How come it still say that my
> kernel version is old.

Ah, by old is meant the 2.2 version -
7.1 is the first RH release to ship with kernel 2.4.

You can certainly run a 2.4 kernel on your 7.0
box - I only ran 2.2.16 on my RH 7.0 boxes for
as long as it tool me to pull down the kernel
sources and compile a 2.4 kernel.

cu

jjs