Re: Combined Internal/External DNAT question

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: netfilter@lists.netfilter.org
Subject: Re: Combined Internal/External DNAT question
Date: Mon, 16 May 2005 16:06:43 -0500	[thread overview]
Message-ID: <42890B63.2000603@riverviewtech.net> (raw)
In-Reply-To: <Pine.LNX.4.60.0505161548000.15128@darkstar.sysinfo.com>

> an interesting tidbit from the iptables man pages suggests that their is 
> a built in facility for this one to one nat thingie I'm looking into here;
> 
> NETMAP
>        This  target allows you to statically map a whole network of addresses onto another network of addresses.
>        It can only be used from rules in the nat table.
> 
>        --to address[/mask]
>               Network address to map to.  The resulting address will be constructed in the  following  way:  All
>               'one'  bits  in the mask are filled in from the new `address'.  All bits that are zero in the mask
>               are filled in from the original address.
> 
> If I read this correctly, it appears to build the hash tables of 
> addresses for one eh?

As I understand it the NETMAP target is used to do NATing on a large range ((sub)network) of IPs in on rule.  Thus you could directly translate 192.168.0.1 <-> 172.16.0.1, 192.168.0.2 <-> 172.16.0.2, 192.168.0.n <-> 172.16.0.n, etc.

As far as your situation are you really wanting each computer on your network to have a globally routable IP?  If not then you do not need / want to look at NETMAP.



Grant. . . .

next prev parent reply	other threads:[~2005-05-16 21:06 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <42889941.5060507@griffous.net>
2005-05-16 18:35 ` Combined Internal/External DNAT question Taylor, Grant
2005-05-16 19:27   ` R. DuFresne
2005-05-16 19:50     ` R. DuFresne
2005-05-16 21:06       ` Taylor, Grant [this message]
2005-05-21  0:28         ` filtering in which rules? R. DuFresne
2005-05-21  1:11           ` Daniel Lopes
2005-05-21  2:37           ` Taylor, Grant
2005-05-21 19:24           ` Jason Opperisano
2005-05-19 10:53 Combined Internal/External DNAT question Jonathan Wheeler
  -- strict thread matches above, loose matches on Subject: below --
2005-05-15 16:54 Gary W. Smith
2005-05-15 16:35 Gary W. Smith
2005-05-14  5:51 Jonathan Wheeler
2005-05-15 23:56 ` Taylor, Grant

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42890B63.2000603@riverviewtech.net \
    --to=gtaylor@riverviewtech.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox