lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 21 Jan 2007 18:02:49 +0100
From:	thunder7@...all.nl
To:	Justin Piszcz <jpiszcz@...idpixels.com>
Cc:	thunder7@...all.nl, Avuton Olrich <avuton@...il.com>,
	linux-kernel@...r.kernel.org, linux-raid@...r.kernel.org
Subject: Re: 2.6.19.2, cp 18gb_file 18gb_file.2 = OOM killer, 100% reproducible

From: Justin Piszcz <jpiszcz@...idpixels.com>
Date: Sun, Jan 21, 2007 at 11:48:07AM -0500
> 
> What about all of the changes with NAT?  I see that it operates on 
> level-3/network wise, I enabled that and backward compatiblity support as 
> well, but when my iptables rules kick in, it says no such driver/etc for 
> `nat'-- is there a new target for iptables now or did I miss a kernel 
> option?
> 

Well, I'm typing this on my laptop, connected via my main server to the
internet, using SNAT, according to the firehol manpage. The main server
runs 2.6.20-rc5, and somewhere in my 2.6.20-rc5 .config, there is

CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_NF_NAT_SIP=m

and my firewall's manpage says:

FIREHOL.CONF(5)       User Contributed Perl Documentation      FIREHOL.CONF(5)


       masquerade [reverse | interface] [optional rule parameters]

         Masquerading is a special from of SNAT (Source NAT) that changes the
         source of requests when they go out and replaces their original
         source when replies come in. This way a Linux box can become an
         internet router for a LAN of clients having unroutable IP addresses.
         Masquerading takes care to re-map IP addresses and ports as required.

         Masquerading is "expensive" compared to SNAT because it checks the IP
         address of the ougoing interface every time for every packet, and
         therefore it is suggested that if you connect to the internet with a
         static IP address, to prefer SNAT.

while my /etc/firehol/firehol.conf has a part in it like this:

#
# route access from the clients to the internet
#
router internet2network inface adsl outface switch
	masquerade reverse
	client all accept

All in all, NAT is working for me with 2.6.20-rc5. I do remember I had
to reselect all the netfilter modules in menuconfig.

Good luck,
Jurriaan
-- 
> What does ELF stand for (in respect to Linux?)
ELF is the first rock group that Ronnie James Dio performed with back in 
the early 1970's.  In constrast, a.out is a misspelling	 of the French word 
for the month of August.  What the two have in common is beyond me, but 
Linux users seem to use the two words together.
	seen on c.o.l.misc
Debian (Unstable) GNU/Linux 2.6.20-rc5 2x2011 bogomips load 0.83
the Jack Vance Integral Edition: http://www.integralarchive.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ