[4108] in linux-net channel archive


Re: IP Address Translation

daemon@ATHENA.MIT.EDU (really kuznet@ms2.inr.ac.ru)
Tue Aug 20 11:24:08 1996

From: inr-linux-net@ms2.inr.ac.ru (really kuznet@ms2.inr.ac.ru)
To: linux-net@vger.rutgers.edu
Date: 	20 Aug 1996 17:54:33 +0400

David C Niemi/Administrator/DCLinux/LUGMAN/WAUUG (niemi@wauug.erols.COM) wrote:
: On 19 Aug 1996, really kuznet@ms2.inr.ac.ru wrote:
: > I have used such a map for a pretty long time. Just try traceroute to
: > 193.233.7.86 (it is mapped 192.203.80.139).

: I did, it does not reveal anything about 192.x.x.x; I take it 192.x.x.x is
: your internal network.

Sure! 192.203.80.0/25 has its own external link broken, but all the hosts
on this net keep their old addresses; router 193.233.7.65 masquerades them as
193.233.7 addresses.

: of code with the masquerading code, I'd expect.

I have trouble here. Firewalling code uses port numbers,
so it cannot be hashed. (I tried it and got such huge hash tables
that hashing only eats memory and requires a lot of time for maintenance.)
Routing should be scalable to huge routing tables, so
it cannot do firewall-like pattern matching.

My current solution is based on routing code with routing
by destination, source and tos, but the variant with cached
firewall rules on top of the routing tables could be more reasonable.

: Will it be oriented towards mapping blocks of addresses?  

Sure.

: And are there
: any special requirements about the sorts of addresses that can be mapped
: between?  And are your "external" addresses permitted on the internal
: network, to be passed through without translation?  (to see the benefit of
: this last circumstance, think of "old" and "new" addresses rather than
: "internal" and "external").

Mapped addresses, from any point except the mapping router, look as if
owned by the router.
Even the mapped hosts do not suspect that they are mapped.
When I ping 193.233.7.86 from 192.203.80.139, the echo request goes
to the router, which maps the destination to 192.203.80.139 and
the source to 193.233.7.86 and forwards the packet back 8).
192.203.80.139 receives the packet as sourced by 193.233.7.86,
answers, and the reply goes through the router again.

Yes, it could be silly, but otherwise:
- I'd have to divide the network into internal and external parts.
- Make mapped hosts multihomed.
It would make more trouble than benefit.

Besides that, 193.233.7.85 is another router (you can see it
by traceroute) that resides on the internal network
but is not aware of 192.203.80 for policy reasons.

Alexey Kuznetsov.
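
The self-ping path described in the message, as an added example that is not part of the original post or of the Linux code it discusses: a stateless 1:1 mapper that rewrites source and destination independently. Only the address pair 192.203.80.139 / 193.233.7.86 comes from the message; the function names and the per-host table are assumptions for illustration.

```python
# Added illustration: stateless 1:1 address mapping as the message describes it.
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    dst: str
    kind: str


# Real (old) address -> address shown to everyone else. The single pair is the
# one quoted in the message; a block mapping would hold one entry per host.
REAL_TO_MAPPED = {"192.203.80.139": "193.233.7.86"}
MAPPED_TO_REAL = {m: r for r, m in REAL_TO_MAPPED.items()}


def translate(pkt: Packet) -> Packet:
    """Rewrite both header fields independently, keeping no per-flow state.

    A real source is replaced by its mapped address, and a mapped destination
    by its real address. Because the two rules do not depend on each other,
    a packet can have both fields rewritten in a single pass.
    """
    return pkt._replace(
        src=REAL_TO_MAPPED.get(pkt.src, pkt.src),
        dst=MAPPED_TO_REAL.get(pkt.dst, pkt.dst),
    )


def reply_to(pkt: Packet) -> Packet:
    """What the receiving host sends back: addresses swapped."""
    return Packet(src=pkt.dst, dst=pkt.src, kind="echo-reply")


def self_ping(real: str) -> list[Packet]:
    """Trace a mapped host pinging its own mapped address via the router."""
    request = Packet(src=real, dst=REAL_TO_MAPPED[real], kind="echo-request")
    delivered = translate(request)     # router forwards it back to the host
    reply = reply_to(delivered)        # host answers the apparent sender
    return [request, delivered, reply, translate(reply)]


if __name__ == "__main__":
    for step in self_ping("192.203.80.139"):
        print(f"{step.kind:12} {step.src:15} -> {step.dst}")
```

On the mapped host, both the delivered request and the delivered reply carry 193.233.7.86 as the peer, so its own logs never show the real address on the other end of the exchange.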
