[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter-devel
Subject: Re: some question about NAT
From: Henrik Nordstrom <hno () marasystems ! com>
Date: 2001-05-30 12:58:04
[Download RAW message or body]
netfilter provides a basic framework for connection-oriented NAT (TCP,
UDP and ICMP).
Normally this framework is activated via iptables
DNAT/SNAT/MASQUERADE targets which initiates the NAT:ing by defining the
NAT rule (source/destination IP,port).
In order to support "odd" protocols using more than one communication
channel and/or requiring data modificaitons the framework supports loadable
helper modules, where ip_nat_dump is one example of such a helper module.
In addition to a NAT helper module, most protocols also require a connection
tracking helper module.
For some information on how to write conntrack and nat helper modules, see
the document "Netfilter connection tracking and nat helper modules"
<http://www.gnumonks.org/ftp/pub/doc/conntrack+nat.html> by Harald Welte,
and the sources of the existing helpers.
If your target is to change the address allocation scheme used, then see
documents on how to write a iptables target, and consult any of the existing
NAT targets. Note: there are some more advanced NAT targets in netfilter
patch-o-matic at the moment..
--
Henrik Nordstrom
MARA Systems
biwu.xie [Öx±ØÎä] wrote:
> hi:)
> When i read the NAT part of Linux2.4.3 source code. I meet some
> questions.
> 1)what relations between the ip_nat_hash "ipscource" and "ipsproto"?
> 2)how to use conntrack to do NAT?And what is the data flow?
> 3)In ip_nat _dumb.c,there is "ip_do_nat" function.But in
> ip_nat_standalone.c,there is "ip_nat_fn" .
> what is their relation?If no relation,what is their operation
> respectively?
> 4)What fill in the "tuple" of tuplehash[IP_CT_DIR_ORIGNE] and
> tuplehash[IP_CT_DIR_REPLY]
> Except your help,thank u very much.
>
>
>
> yours xiebiwu
>
> 5.30
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic