Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751053AbXAURDH (ORCPT ); Sun, 21 Jan 2007 12:03:07 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751083AbXAURDH (ORCPT ); Sun, 21 Jan 2007 12:03:07 -0500 Received: from smtp-vbr5.xs4all.nl ([194.109.24.25]:3899 "EHLO smtp-vbr5.xs4all.nl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751053AbXAURDF (ORCPT ); Sun, 21 Jan 2007 12:03:05 -0500 Date: Sun, 21 Jan 2007 18:02:49 +0100 From: thunder7@xs4all.nl To: Justin Piszcz Cc: thunder7@xs4all.nl, Avuton Olrich , linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org Subject: Re: 2.6.19.2, cp 18gb_file 18gb_file.2 = OOM killer, 100% reproducible Message-ID: <20070121170249.GA19956@amd64.of.nowhere> Reply-To: Jurriaan References: <3aa654a40701201245s72b2f76hc70ddd94b70ba99c@mail.gmail.com> <20070121155219.GA7413@amd64.of.nowhere> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.13 (2006-08-11) Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2884 Lines: 76 From: Justin Piszcz Date: Sun, Jan 21, 2007 at 11:48:07AM -0500 > > What about all of the changes with NAT? I see that it operates on > level-3/network wise, I enabled that and backward compatiblity support as > well, but when my iptables rules kick in, it says no such driver/etc for > `nat'-- is there a new target for iptables now or did I miss a kernel > option? > Well, I'm typing this on my laptop, connected via my main server to the internet, using SNAT, according to the firehol manpage. The main server runs 2.6.20-rc5, and somewhere in my 2.6.20-rc5 .config, there is CONFIG_NF_NAT=m CONFIG_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_SAME=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_FTP=m CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_TFTP=m CONFIG_NF_NAT_AMANDA=m CONFIG_NF_NAT_PPTP=m CONFIG_NF_NAT_H323=m CONFIG_NF_NAT_SIP=m and my firewall's manpage says: FIREHOL.CONF(5) User Contributed Perl Documentation FIREHOL.CONF(5) masquerade [reverse | interface] [optional rule parameters] Masquerading is a special from of SNAT (Source NAT) that changes the source of requests when they go out and replaces their original source when replies come in. This way a Linux box can become an internet router for a LAN of clients having unroutable IP addresses. Masquerading takes care to re-map IP addresses and ports as required. Masquerading is "expensive" compared to SNAT because it checks the IP address of the ougoing interface every time for every packet, and therefore it is suggested that if you connect to the internet with a static IP address, to prefer SNAT. while my /etc/firehol/firehol.conf has a part in it like this: # # route access from the clients to the internet # router internet2network inface adsl outface switch masquerade reverse client all accept All in all, NAT is working for me with 2.6.20-rc5. I do remember I had to reselect all the netfilter modules in menuconfig. Good luck, Jurriaan -- > What does ELF stand for (in respect to Linux?) ELF is the first rock group that Ronnie James Dio performed with back in the early 1970's. In constrast, a.out is a misspelling of the French word for the month of August. What the two have in common is beyond me, but Linux users seem to use the two words together. seen on c.o.l.misc Debian (Unstable) GNU/Linux 2.6.20-rc5 2x2011 bogomips load 0.83 the Jack Vance Integral Edition: http://www.integralarchive.org - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/