From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: Help: iptables NAT broken with pppoe
Date: Mon, 9 May 2005 10:08:51 -0400
Message-ID: <20050509140851.GA4840@bender.817west.com>
In-Reply-To: <427EFB7D.8010503@riverviewtech.net>
On Mon, May 09, 2005 at 12:56:13AM -0500, Taylor, Grant wrote:
> Ok. I've never heard or seen reference to /proc/sys/net/ipv4/ip_dynaddr
> before and I'm not sure what its purpose is let alone that it is required.
> Does anyone have any more information on what it is and what its purpose
> is?
************************************************************************
$ cat /usr/src/linux-2.6.11/Documentation/networking/ip_dynaddr.txt
IP dynamic address hack-port v0.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This stuff allows diald ONESHOT connections to get established
by dynamically changing packet source address (and socket's if
local procs). It is implemented for TCP diald-box connections(1)
and IP_MASQuerading(2).

  1) Socket (and packet) source address is rewritten ON RETRANSMISSIONS
     while in SYN_SENT state (diald-box processes).
  2) Out-bounded MASQueraded source address changes ON OUTPUT (when
     internal host does retransmission) until a packet from outside is
     received by the tunnel.

This is specially helpful for auto dialup links (diald), where the
``actual'' outgoing address is unknown at the moment the link is going
up. So, the *same* (local AND masqueraded) connections requests that
bring the link up will be able to get established.

[*] At boot, by default no address rewriting is attempted.

To enable:
    # echo 1 > /proc/sys/net/ipv4/ip_dynaddr

To enable verbose mode:
    # echo 2 > /proc/sys/net/ipv4/ip_dynaddr

To disable (default)
    # echo 0 > /proc/sys/net/ipv4/ip_dynaddr

Enjoy!
-- Juanjo <jjciarla@raiz.uncu.edu.ar>
************************************************************************
-j
--
"Narrator: Remember, nothing says "good job" like a firm, open-palm
slap on the behind."
--Family Guy
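
Added example (not part of the original message or of ip_dynaddr.txt): since the quoted document says no rewriting is attempted at boot, a value written with echo is lost on reboot, so this check compares the running value with the last net.ipv4.ip_dynaddr line in a sysctl configuration file. The use of /etc/sysctl.conf as the persistence file and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Both paths can be overridden, e.g. to try it on scratch files.
PROC_FILE=${PROC_FILE:-/proc/sys/net/ipv4/ip_dynaddr}
SYSCTL_CONF=${SYSCTL_CONF:-/etc/sysctl.conf}   # assumed persistence file

# Name the three values the kernel document describes.
dynaddr_name() {
    case "$1" in
        0) echo disabled ;;
        1) echo enabled ;;
        2) echo verbose ;;
        *) echo unknown ;;
    esac
}

# Print the value of the last uncommented ip_dynaddr assignment in the
# configuration file (later lines win); print nothing if there is none.
# Both "net.ipv4.ip_dynaddr" and "net/ipv4/ip_dynaddr" spellings are accepted.
dynaddr_persisted() {
    [ -r "$SYSCTL_CONF" ] || return 0
    sed -n 's|^[[:space:]]*net[./]ipv4[./]ip_dynaddr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$|\1|p' \
        "$SYSCTL_CONF" | tail -n 1
}

# Report running and boot-time state.
# Returns 0 if they agree, 1 on drift, 2 if the proc file cannot be read.
dynaddr_check() {
    running=$(cat "$PROC_FILE" 2>/dev/null) || {
        echo "error: cannot read $PROC_FILE"
        return 2
    }
    persisted=$(dynaddr_persisted)
    boot=${persisted:-0}    # no persisted line: the documented boot default (0)
    echo "running=$(dynaddr_name "$running") boot=$(dynaddr_name "$boot")"
    [ "$running" = "$boot" ]
}
```

Calling dynaddr_check on a box where ip_dynaddr was enabled by hand but never persisted reports drift (exit status 1), which is the state that breaks again after the next reboot.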