From: Unknown <netfilter-devel@demultiplexer.de>
To: netfilter-devel@lists.netfilter.org
Subject: Re: auto ip configuration
Date: Thu, 23 Jun 2005 15:16:20 +0200 [thread overview]
Message-ID: <1119532580.6911.18.camel@notbock> (raw)
In-Reply-To: <1119473580.7825.25.camel@notbock>
hello,
please could you developer have a look at the description below
and tell whethet there is the way to make it?
example scenario:
client host-------------------gateway--------------------internet
10.0.0.1-----------192.168.0.1_______213.39.239.123-------------->>>
It would be nice to have a iptables Target acting like SNAT/MASQUERADE
but in the PREROUTING table doing the inverse job.
The goal shoud be to translate not valid ip-addresses into valid local
address space, so user not being able to change their ip-setting could
surf the net.
I am not experienced in kernel hacking so i would preffer to donate for
your work if it is something no one would have but me.
thanks in advance
jaroslaw
> dear list,
>
> you know about people, which have some static ip configuration on their
> notebooks. they would like to connect to a smart gateway
> without the need to change anything.
>
> I would ask you whether this is possible to implement such a gateway
> using netfilter.
>
> I alredy build a working example with some tools and scripting
> but it isn't really performant and it have a lot of "design errors".
> Simple speaking it is a farpd running box, where all incoming requests
> are logged through the bridging code. The Syslog output is piped
> into a script and the requested ip is assigned to the lan interface.
> Evil thing ;-)
>
> I would preffer something like inverse SNAT/MASQUERADE.
> The difference would be, that:
> it applys to PREROUTING
> it does mapping from a big subnet (maybe 0/0) to a singe address or a
> range of addresses.
>
> The farpd would point all clients to the gateway.
> Having rp_filter disabled all misconfigured packets incoming on a lan
> interface would be translated into a valid ip address.
> Then the usual routing would take place.
> The response packets would be back-natted into the clients idea of the
> gateway address.
>
> Would please someone give me a pointer.
> Am I completly wrong with this?
>
> regards
> jaroslaw
>
next prev parent reply other threads:[~2005-06-23 13:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-22 20:53 auto ip configuration Unknown
2005-06-23 13:16 ` Unknown [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-06-22 20:55 Gary W. Smith
2005-06-22 21:02 ` Unknown
2003-06-10 1:25 Auto IP configuration Wei Ming Long
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1119532580.6911.18.camel@notbock \
--to=netfilter-devel@demultiplexer.de \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.