Subject: Re: nat configuration
To: Andrew Brown <atatat@atatdot.net>
From: Brian Somers <brian@Awfulhak.org>
List: tech-net
Date: 01/22/2001 12:30:35
> >> >> >Hmmm.... I just tried it, and now it works! I thought it didn't used to.
> >> >> >Either I misremembered, or it's been fixed.
> >> >> 
> >> >> um...what works?  a more current nat can mux pings?
> >> >
> >> >Yes. My 1.5 NAT box seems to be multiplexing pings. I had one box ping
> >> >ftp.netbsd.org, and another ping cvs.netbsd.org, and they both worked. My
> >> >nat config looks like yours, except that I have my hard IP in there
> >> >instead of 0.0.0.0, and I am using the outgoing ethernet card. :-)
> >> 
> >> make it more interesting, just to amuse me?  ping the same outside
> >> address ( i usually use 137.39.1.3) from two machines inside the nat
> >> and lemme know if it works.
> >
> >Yes, it works.  libalias (used by user-ppp) recognises icmp traffic, 
> >and nat's the sequence number and IP.
> 
> no...what i meant was (a) using the nat built into netbsd-current, (b)
> ping one destination from (c) more than one machine behind the nat.
> 
> that, i believe, is what doesn't work (at least, not for me).  that is
> what works using the userspace ppp implementation.

Sorry, I misunderstood.  We're saying the same thing.

> >> >> >All my machines are running 1.5.
> >> >> 
> >> >> all my machines are running current with less than a two month lag
> >> >> behind today.
> >> >
> >> >I hope it didn't get fixed then broken.
> >> 
> >> me too.
> >
> >It still works (and will continue to).
> 
> using the in-kernel nat, or the userspace one?  i know the userspace
> one works.

Sorry, I misunderstood again.  I mean user-ppp :OI

[.....]
> >user-ppp was originally written by IIJ and was picked up by me and 
> >almost entirely re-written (multi-link support made this necessary) 
> >since then.
> 
> are there any common roots with the kernel one, or is it a completely
> clean-room re-implementation?  i expect that it's completely
> independent.

I believe it's completely independent although the VJ header 
compression code is derived from the same thing (the rfc AFAIK).  All 
the stuff I've done since '96/'97 is original.

If anyone's been in the pppd kernel code they'd know why... it's 
``evolved'' and has a lot of nasty bits that should really be 
re-designed away (IMHO).

> of course.  i'm beginning to suspect that some people are confusing
> what i'm saying.

Me for one :-)

[.....]
> -- 
> |-----< "CODE WARRIOR" >-----|
> codewarrior@daemon.org             * "ah!  i see you have the internet
> twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
> andrew@crossbar.com       * "information is power -- share the wealth."

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                   <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
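
A toy model of the case argued over in this thread, two inside machines pinging the same outside address through one NAT, added here as an illustration; it is not libalias, user-ppp or NetBSD kernel code. The class and function names, every address except 137.39.1.3, the identifier value, and the choice of the echo identifier as the rewritten field are assumptions of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Echo:
    src: str
    dst: str
    ident: int   # ICMP echo identifier, copied back unchanged by the responder
    seq: int

class EchoNat:
    """Hypothetical translator: maps inside echo flows onto one public IP."""
    def __init__(self, public_ip, rewrite=True):
        self.public_ip, self.rewrite = public_ip, rewrite
        self.next_alias = 40000
        self.out = {}    # (inside ip, inside ident, dst) -> ident seen outside
        self.back = {}   # (dst, ident seen outside) -> (inside ip, inside ident)

    def outbound(self, pkt):
        key = (pkt.src, pkt.ident, pkt.dst)
        if key not in self.out:
            alias = pkt.ident
            if self.rewrite:                 # give each flow a unique outside ident
                alias, self.next_alias = self.next_alias, self.next_alias + 1
            self.out[key] = alias
            # Without rewriting, two flows can share this key: last writer wins.
            self.back[(pkt.dst, alias)] = (pkt.src, pkt.ident)
        return Echo(self.public_ip, pkt.dst, self.out[key], pkt.seq)

    def inbound(self, pkt):
        hit = self.back.get((pkt.src, pkt.ident))
        if hit is None:
            return None                      # no matching request: drop the reply
        return Echo(pkt.src, hit[0], hit[1], pkt.seq)

def remote_reply(req):
    """The outside host echoes ident and seq back to the request's source."""
    return Echo(req.dst, req.src, req.ident, req.seq)

def two_hosts_same_target(rewrite):
    """Constructed scenario: both inside hosts happen to use ident 0x1234."""
    nat = EchoNat("203.0.113.1", rewrite)
    reqs = [nat.outbound(Echo(ip, "137.39.1.3", 0x1234, 1))
            for ip in ("10.0.0.2", "10.0.0.3")]
    return [nat.inbound(remote_reply(r)).dst for r in reqs]

if __name__ == "__main__":
    print("rewriting ident:", two_hosts_same_target(True))
    print("address only:   ", two_hosts_same_target(False))
```

With the identifier rewritten each reply returns to the machine that sent the request; with only the source address translated, both replies are delivered to the second machine.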