Re: kerneld and IP masquerading

Matthias Urlichs (smurf@smurf.noris.de)
Wed, 10 Apr 1996 13:53:39 +0100

In linux.dev.kernel, article <4k5cpj$bm@portal.atak>,
Tom Lees <tom@lpsg.demon.co.uk> writes:
>=20
> I have an idea of how to implement IP masquerading application module=
s as
> loadable by kerneld. If we have the kernel to send a message to load =
a
> module "ip-masq-%d", %d being the port number for the masqerade appli=
cation
> wanted. Then, some code needs to be added to the 'modprobe' command s=
o that
> it accepts the following syntax in /etc/conf.modules:-
>=20
NB: Why is it that every other program I can think of uses foo.conf ins=
tead
of conf.foo? :-/=20

> alias ip-masq-21 ip_masq_ftp
> alias ip-masq-* off
>=20
Right.

> Anyone else have any comments/suggestions about this?
>=20
Yes. You need to cache that. One kerneld request per masqueraded sessio=
n
makes no sense whatever. Besides, those IP packets are routed, thus you=
're
in interrupt while you're doing this -> the kernel has to store the pac=
ket
somewhere until it gets a reply. Tossing the packet and relying on the =
TCP
retransmit is OK only if you have a cache and the socket isn't cached y=
et.

--=20
Xerox: A trademark for a photocopying device that can make rapid
reproductions of human error, perfectly.
-- Merle L. Meacham
--=20
Matthias Urlichs \ XLink-POP N=FCrnberg | EMail: urlichs@smurf.=
noris.de
Schleiermacherstra=DFe 12 \ Unix+Linux+Mac | Phone: ...please use =
email.
90491 N=FCrnberg (Germany) \ Consulting+Networking+Programming+etc'i=
ng 42
PGP: 1B 89 E2 1C 43 EA 80 44 15 D2 29 CF C6 C7 E0 DE=20
Click <A HREF=3D"http://smurf.noris.de/~smurf/finger">here</A>.