Subject: Re: nat configuration
To: Bill Studenmund <>
From: Andrew Brown <>
List: tech-net
Date: 01/09/2001 14:44:12
>> >Hmmm.... I just tried it, and now it works! I thought it didn't used to.
>> >Either I misremembered, or it's been fixed.
>> um...what works?  a more current nat can mux pings?
>Yes. My 1.5 NAT box seems to be multiplexing pings. I had one box ping
>, and another ping, and they both worked. My
>nat config looks like yours, except that I have my hard IP in there
>instead of, and I am using the outgoing ethernet card. :-)

make it more interesting, just to amuse me?  ping the same outside
address ( i usually use from two machines inside the nat
and lemme know if it works.

>> >All my machines are running 1.5.
>> all my machines are running current with less than a two month lag
>> behind today.
>I hope it didn't get fixed then broken.

me too.

>> >If it really works with userland ppp (which I thought was a downgrade from
>> >1.5's ppp) but not kernel ppp, then there's a ppp bug.
>> the userspace ppp is, afaik, a *completely* separate and distinct
>> implementation of ppp.  all it requires of the kernel is a serial
>> interface (with a modem) and a tunnel interface (for packets to go
>> through).  it's not a downgrade...perhaps a "sidegrade".
>I thought they were based on the same ppp project. The reason for the ppp
>package was that it's set to version 2.3.11, which is newer than the ppp
>in 1.4. But 1.5 and current are using ppp 2.4, which is newer, thus an
>overall downgrade.

they might have some common roots, if you dig far enough back (like
netbsd and freebsd), but the userspace one and the kernel space one
are very different.  some examples: the userspace one doesn't use does it all itself; the userspace one does nat all by
itself, it doesn't rely on the kernel; the userspace one also claims
to support mppp, which i've not tried, whereas pppd says that only
works under linux.  that might sounds a bit slanted, but those were
the first things i thought of.

>> the nat (called aliasing) in the userspace ppp is what actually
>> handles the multiple outbound pings.  i imagine it's fiddling with the
>> icmp echo request identifier and using it as it uses the local port
>> number rewriting for udp and tcp.
>Does it work with that aliasing off?

not for me, no, since none of my inside machines addresses are routed
back to me properly.  that's something i've been meaning to deal with,
but haven't yet.

on a side note, i just thougfht about it a tiny bit more and
remembered that my nat rules rewrite traffic over ppp0, not tun0,
which is what the userspace ppp uses.  so, no conflict.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."