[geeks] Rant: Network "Industry Leaders" That Don't.

Kris Kirby kris at catonic.net
Wed May 1 17:29:37 CDT 2002


On Wed, 1 May 2002, Jonathan C. Patschke wrote:
> Both connections to the 'net use Lucent Orinoco wireless kit (the big
> "corporate" kit, not the identical "consumer-grade" kit) which -doesn't-
> do VLSM/CIDR (even though it needs to because of the way things have been
> arse-fscked to eternity).
>
> Also, if your entire network is 192.168.1.0/22, but your Orinoco POS is on
> 192.168.1.0/24, it refuses to NAT 192.168.2.0/23 and 192.168.0.0/24.  If
> you tell it that you -really- want the entire /22 NATed, it won't NAT
> -anything-.  It -drops- all the packets because you obviously didn't want
> it to do what you told it to.  This sort-of makes sense, as that working
> would imply VLSM -not- making its little brain explode.
>
> There's one way to fix this, and I really hate-hate-hate doing this, but I
> need to do a selective NAT.  Meaning, NAT everything from 192.168.2.0/23
> to anywhere -but- 192.168.1.0/24 and a.b.c.d/24 (a public network address
> block[2]).  The only way I can see to do this is by entering $buttload of
> rules into /etc/nat.conf.  Unless there's a way of inserting a logical
> (not bitwise) "or" into a NAT negation rule, like:

No. You can force the AP (access point / Lucent box) to run in Bridge mode
and get away from that NAT problem. Then you can run straight IP over the
link and NAT on your side on *all* IPs.

--
Kris Kirby, KE4AHR          | TGIFreeBSD... 'Nuff said.
<kris at nospam.catonic.net>   | IM: KrisBSD | HSV, AL.
-------------------------------------------------------
"Fate, it seems, is not without a sense of irony."
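
Added example (not part of either poster's message): a Python sketch that counts what the quoted "selective NAT" would cost if the negated destination had to be written out as positive prefixes. It assumes 203.0.113.0/24 as a constructed stand-in for the elided a.b.c.d/24 and emits prefix lists only, not /etc/nat.conf syntax; the helper names are hypothetical.

```python
import ipaddress

# Values from the quoted post, except PUBLIC_BLOCK.
LAN = "192.168.1.0/22"           # as written in the post; normalizes to 192.168.0.0/22
AP_SUBNET = "192.168.1.0/24"     # the subnet the Orinoco box sits on
PUBLIC_BLOCK = "203.0.113.0/24"  # constructed placeholder for a.b.c.d/24 (assumption)


def carve_out(space, holes):
    """Return the sorted CIDR blocks covering `space` minus every network in `holes`."""
    remaining = [ipaddress.ip_network(space, strict=False)]
    for hole in (ipaddress.ip_network(h, strict=False) for h in holes):
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                # Split net into the sibling blocks that surround the hole.
                kept.extend(net.address_exclude(hole))
            elif not net.subnet_of(hole):
                # Disjoint block: keep as is. Blocks inside the hole are dropped.
                kept.append(net)
        remaining = kept
    return sorted(remaining)


def nat_sources():
    """Inside ranges left over once the AP's own /24 is removed from the /22."""
    return carve_out(LAN, [AP_SUBNET])


def nat_destinations():
    """Every destination prefix except the AP subnet and the public block."""
    return carve_out("0.0.0.0/0", [AP_SUBNET, PUBLIC_BLOCK])


if __name__ == "__main__":
    print("sources to NAT:", [str(n) for n in nat_sources()])
    dests = nat_destinations()
    print(len(dests), "destination prefixes needed without a negated 'or'")
    for net in dests:
        print("  ", net)
```

With these inputs the source side collapses to the two ranges named in the post, while the destination side expands to 42 prefixes per source range.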


