Thread: Stock kernel and NAT support
View Single Post
wek is offline wek
2010-01-05 , 09:31
Posts: 13 | Thanked: 11 times | Joined on Jan 2010
#7
Originally Posted by micalil View Post
Hi all.
After two days of pajama hacking I'm now sure that stock 2009.42-11 kernel cannot support NAT modules in a proper way, because the netfilter core is compiled in without CONFIG_NF_CONNTRACK or CONFIG_NF_CONNTRACK_MODULE (see line 214 of net/netfilter/core.c).

So, no matter how hard we try to get a "debian-polite" way to add needed modules to this kernel, they will simply not work.

I'm posting this to see how other people involved in tethering projects would think about what we are in front of, specifically:

* Build a new, more modulable, kernel without getting too far from the rx51_defconfig and go with it.
* Go completely userland via proxies of any sort, even heavily tweaked for low resource usage.

Both ways have a lot of bad points, but I'd like to know which one people would choose.

(btw, I think I found an almost elegant way to package "internal" kernel modules, ask freely if interested)
On my N810 I used a slighly different userland aproach.
I took the userland-network (slirp) code from qemu and
plumbed it to the interface the to be natted clients were behind
using pcap.
This gives you a completely userland-based NAT solution
with even a dhcp-server and dns-forwarding incorporated.
Of course it also has all non functional disadvantages of a
userland solution like additional delay and cpu-utilization but
apart from that from a functional perspective it behaves like
NAT. I even used to use VoIP and proprietary tunnel-clients
behind it.
 

The Following 4 Users Say Thank You to wek For This Useful Post: