Subject: Re: nat configuration
To: Bill Studenmund <wrstuden@zembu.com>
From: Andrew Brown <atatat@atatdot.net>
List: tech-net
Date: 01/09/2001 13:33:32
>Cleaning out old mail...
but...it's not spring yet. :)
>>...
>> will almost do what i want. when i translate the /8 to my /24, and
>> 209.1.2.0/24 to 0.0.0.0/32 (to match my ppp link), i get connectivity
>> for all my machines, but only one of them can have an active ping (to
>> the outside world) running at any given time.
>>
>> is there a way to do this? the userspace ppp implementation in pkgsrc
>> can do this, but i'd rather use a kernel space ppp implementation.
>
>Are you sure the userspace ppp implementation can do that?
yep. i was sort of speaking from past experience, but just to be sure
i verified it again.
# uname -srm
NetBSD 1.5K i386
# pkg_info -I userppp
userppp-001107 User-PPP package as found in FreeBSD and OpenBSD
and i can get at two (probably more, but two is more than one to
define my point) machines behind the nat pinging the same outside
address (to demonstrate proper muxing/demuxing of the pings).
>I use NAT over my DSL, and only one of the boxes inside my net can ping
>out at the same time. It's not a ppp issue, and I'd be surprised if using
>a different ppp made it work. :-)
it's a nat issue, not a ppp issue.
>The problem is that NAT doesn't support it.
yes, i know. that's the point. ipnat, that is. hmm...i wonder what
ill effects i'd get from using the userspace ppp with aliasing (ie,
nat) turned on as well as ipnat...
>Hmmm.... I just tried it, and now it works! I thought it didn't used to.
>Either I misremembered, or it's been fixed.
um...what works? a more current nat can mux pings?
>All my machines are running 1.5.
all my machines are running current with less than a two month lag
behind today.
>If it really works with userland ppp (which I thought was a downgrade from
>1.5's ppp) but not kernel ppp, then there's a ppp bug.
the userspace ppp is, afaik, a *completely* separate and distinct
implementation of ppp. all it requires of the kernel is a serial
interface (with a modem) and a tunnel interface (for packets to go
through). it's not a downgrade...perhaps a "sidegrade".
the nat (called aliasing) in the userspace ppp is what actually
handles the multiple outbound pings. i imagine it's fiddling with the
icmp echo request identifier and using it as it uses the local port
number rewriting for udp and tcp.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
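
The mechanism guessed at in the last paragraph of the message, as an added example that is not part of the original post and is not code from userppp or ipnat: a NAT table that rewrites the ICMP echo identifier the way the local port is rewritten for udp and tcp, so that replies can be demultiplexed to the right inside host. The names (`nat_out`, `nat_in`, `echo_map`), the table size and the starting identifier are assumptions; a real translator would also key on the remote address and expire entries.

```c
#include <stddef.h>
#include <stdint.h>
#define MAXMAP 64                      /* assumed table size */
struct echo_map { uint32_t in_addr; uint16_t in_id, out_id; };
static struct echo_map maps[MAXMAP];   /* one entry per active inside ping */
static size_t nmaps;
static uint16_t next_id = 0x4000;      /* constructed first public identifier */

/* RFC 1071 Internet checksum over the whole ICMP message. */
static uint16_t cksum(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    for (; n > 1; p += 2, n -= 2) s += ((uint32_t)p[0] << 8) | p[1];
    if (n) s += (uint32_t)p[0] << 8;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Store a new identifier (bytes 4-5) and recompute the checksum (bytes 2-3). */
static void set_id(uint8_t *icmp, size_t n, uint16_t id) {
    icmp[4] = (uint8_t)(id >> 8); icmp[5] = (uint8_t)id;
    icmp[2] = icmp[3] = 0;
    uint16_t c = cksum(icmp, n);
    icmp[2] = (uint8_t)(c >> 8); icmp[3] = (uint8_t)c;
}

/* Outbound echo request (type 8): map (src, id) to a unique public id; 0 = not translated. */
uint16_t nat_out(uint32_t src, uint8_t *icmp, size_t n) {
    if (n < 8 || icmp[0] != 8) return 0;
    uint16_t id = (uint16_t)(icmp[4] << 8 | icmp[5]);
    size_t i = 0;
    while (i < nmaps && (maps[i].in_addr != src || maps[i].in_id != id)) i++;
    if (i == nmaps) {
        if (nmaps == MAXMAP) return 0;             /* table full: drop */
        maps[nmaps++] = (struct echo_map){ src, id, next_id++ };
    }
    set_id(icmp, n, maps[i].out_id);
    return maps[i].out_id;
}

/* Inbound echo reply (type 0): restore the inside id; returns inside address, 0 = no mapping. */
uint32_t nat_in(uint8_t *icmp, size_t n) {
    if (n < 8 || icmp[0] != 0) return 0;
    uint16_t id = (uint16_t)(icmp[4] << 8 | icmp[5]);
    for (size_t i = 0; i < nmaps; i++) {
        if (maps[i].out_id != id) continue;
        set_id(icmp, n, maps[i].in_id);
        return maps[i].in_addr;
    }
    return 0;
}
```

Without the identifier rewrite, two inside hosts that happen to pick the same identifier are indistinguishable on the public side, which matches the "only one active ping" symptom described in the thread.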