[mythtv-users] Ethernet troubles.

Brian Wood beww at beww.org
Mon Apr 27 13:50:18 UTC 2009


On Monday 27 April 2009 07:32:35 Ronald Frazier wrote:
> >> I actually do 'real' NAT to my internal network using IPTABLES on my
> >> Firewall machine.
> >
> > You have multiple external IPs with one-to-one mapping to your internal
> > network?
>
> Just because NAT is used in combination with private addresses doesn't
> make it not "real" or "pure". It's still NAT, which simply means
> translating one address into another address. Either way it maintains
> the same style lookup table (address X maps to address Y). It just so
> happens that all of the addresses in one of the columns are the same
> address.
>
> That might not seem so obvious if you haven't actually used something
> like iptables, but once you have, it is glaringly obvious exactly how
> it is done. With iptables, it takes the exact same configuration
> commands to set up a 1-to-1 mapping as it does a 1-to-many mapping of
> addresses. The only difference is what you specify as the source and
> destination addresses in the configuration commands.

My understanding is that NAT is for re-using real (i.e., non-RFC-1918)
addresses, while IP masquerading is used to map 1 or more real addresses to 1 
or more RFC-1918 ("private") addresses. Of course my understanding could be 
wrong.

So a machine on an internal network using NAT will have a "real" address, 
while a machine on a network using IP Masquerading will have an RFC-1918 
address. I guess you could use "real" addresses on the internal network, but 
I see no advantage to doing so, and many possible problems. Not all routers 
out there obey the rule of not routing RFC-1918 addresses.

Obviously both methods use some sort of table to map one address to another, 
so they are very similar in method, but differ in the addresses being used.

Most home users have a single "real" IP address, which is why I said true NAT 
is not often encountered in home networks.

Of course most Myth users are more tech-savvy than the average homeowner, and 
many Myth users work in the IT field, so folks here are probably not 
representative. For example, I have 5 "real" IP addresses, but I use 4 of 
them directly, and use the fifth for an internal network using IP 
Masquerading. I could use true NAT, but I see no advantage to doing so, given 
what I need to accomplish.

Unfortunately the true meaning of NAT is being perverted to refer to any 
system that maps one set of addresses (which might be a single address) to 
another. I guess this doesn't really hurt anything, as long as people
understand what's going on, but it bothers purists like myself.

I used to laugh at setup instructions that told the user to "not just pick a 
random address", but I guess such an instruction was needed.

-- 
beww
beww at beww.org
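
The lookup-table description in the quoted reply, modelled as an added example (not code from either poster, and not how iptables itself is implemented): one translation routine serves both a 1-to-1 and a many-to-1 mapping, and only the address column differs. The addresses are constructed from RFC 1918 and documentation ranges, and `NatTable`, `outside_for`, `ONE_TO_ONE`, `demo` and the spare-port start of 40000 are hypothetical.

```python
class NatTable:
    """Source-NAT model: (inside ip, port) -> (outside ip, port)."""

    def __init__(self, outside_for):
        self.outside_for = outside_for   # callable: inside ip -> outside ip
        self.table = {}                  # the lookup table both posters refer to
        self._spare = 40000              # assumed start of spare outside ports

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.table:
            ext_ip, port = self.outside_for(src_ip), src_port
            used = set(self.table.values())
            # Keep the source port unless another flow already holds it on
            # this outside address (a simplification of real port selection).
            while (ext_ip, port) in used:
                port, self._spare = self._spare, self._spare + 1
            self.table[key] = (ext_ip, port)
        return self.table[key]

    def inbound(self, dst_ip, dst_port):
        # Reverse lookup for reply traffic; None means no mapping exists.
        for inside, outside in self.table.items():
            if outside == (dst_ip, dst_port):
                return inside
        return None


# Constructed sample configuration: the two setups differ only in the
# "outside" column of the mapping.
ONE_TO_ONE = {"192.168.1.10": "203.0.113.10", "192.168.1.11": "203.0.113.11"}


def demo():
    static = NatTable(ONE_TO_ONE.__getitem__)    # each host has its own address
    masq = NatTable(lambda ip: "203.0.113.5")    # every host shares one address
    flows = [("192.168.1.10", 5000), ("192.168.1.11", 5000)]
    return ([static.outbound(*f) for f in flows],
            [masq.outbound(*f) for f in flows], static, masq)


if __name__ == "__main__":
    one_to_one, many_to_one, _, _ = demo()
    print("1-to-1:   ", one_to_one)
    print("many-to-1:", many_to_one)
```

With a shared outside address the second flow has to be given a different port, which is the one place the many-to-1 case needs more state than the 1-to-1 case.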

