From: Oscar Mechanic <oscar@ufomechanic.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] What Cisco calls 'Overloading NAT'??
Date: Thu, 10 Nov 2005 16:41:06 +0000
Message-ID: <1131640866.7845.54.camel@OSCARLAPLIN>
In-Reply-To: <Pine.LNX.4.58.0511090853490.16470@linux.dpsims.com>


If I was thee I would install iptables. To my knowledge the nat
implementation in ip is stateless so you could not use it for that but I
stand to be corrected.

You could do a nice implementation using nth or random on SNAT. So if it
is a new connection using connstate then put it into nth off a SNAT
target and conntrack will do the rest for you.

Of course all of this is useless if you don't have iptables. But
Ubuntu/Debian rpms are top class.

You did not say what session proto you were using. Oh, I just remembered
something: if you are using SIP then you will have to be able to catch
the RTP channel and NAT them the same.

The SNAT target in iptables has a round robin feature but I think the
above point will be a problem.

On Thu, 2005-11-10 at 10:16 -0600, David Sims wrote:
> Hi Oscar,
> 
>   I am doing the existing routing (only!) with a pretty bare Ubuntu server
> install... i.e., no firewall and no iptables at this point.... Cisco (in
> at least some software) allows many:1 NAT with a pool of NAT addresses
> rather than a single address.... This way, every connection seems to come
> from a different post-NAT address (at least up to the number of addresses
> in the pool).... I am curious if Linux iproute2 supports this concept??
> 
> Dave
> *************************************************************************
> On Thu, 10 Nov 2005, Oscar Mechanic wrote:
> 
> > Is that not multiple NETMAP entries in iptables? Are you using
> > SIP/H323/MGCP?
> >
> >
> > On Wed, 2005-11-09 at 09:02 -0600, David Sims wrote:
> > > Hi,
> > >
> > >   Is there a way in Linux to do NAT with a pool of outside addresses such
> > > that each connection to the outside resource gets a different IP address??
> > > I don't want 1:1 NAT as I have some thousands of IP addresses on one side
> > > of the LARTC router that _may_ need to access a resource on the other
> > > side... The resource needs to see a different IP address for each active
> > > call, but these addresses can be reused after the call concludes....
> > >
> > >   Any clues??
> > >
> > > TIA,
> > >
> > > Dave
> > > _______________________________________________
> > > LARTC mailing list
> > > LARTC@mailman.ds9a.nl
> > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
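
The nth-on-SNAT idea from the reply above, as an added example that is not part of the original message: a shell function that prints (does not apply) one SNAT rule per pool address, using the in-tree `statistic` match in `nth` mode in place of the older `nth` match. The interface name `eth1` and the 192.0.2.x addresses are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Prints iptables rules that hand each NEW connection the next source
# address from a pool; conntrack then keeps that mapping for the rest of
# the connection. Nothing is applied: review the output before running it.

# gen_pool_snat IFACE ADDR [ADDR...]
gen_pool_snat() {
    if [ "$#" -lt 2 ]; then
        echo "usage: gen_pool_snat IFACE ADDR [ADDR...]" >&2
        return 1
    fi
    iface=$1
    shift
    remaining=$#
    for addr in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            # Each rule only sees connections the earlier rules passed
            # over, so it must take 1 out of the addresses still left
            # (3, then 2, ...), not 1 out of the full pool size.
            printf 'iptables -t nat -A POSTROUTING -o %s -m conntrack --ctstate NEW -m statistic --mode nth --every %d --packet 0 -j SNAT --to-source %s\n' \
                "$iface" "$remaining" "$addr"
        else
            # Last address catches everything that is left.
            printf 'iptables -t nat -A POSTROUTING -o %s -m conntrack --ctstate NEW -j SNAT --to-source %s\n' \
                "$iface" "$addr"
        fi
        remaining=$((remaining - 1))
    done
}

# Constructed sample pool (documentation address range).
# Caveat raised in the message: a SIP call's RTP streams are separate
# flows and have to end up behind the same address as the signalling.
gen_pool_snat eth1 192.0.2.10 192.0.2.11 192.0.2.12
```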


Thread overview: 6+ messages
2005-11-09 15:02 [LARTC] What Cisco calls 'Overloading NAT'?? David Sims
2005-11-10 15:11 ` Oscar Mechanic
2005-11-10 16:16 ` David Sims
2005-11-10 16:41 ` Oscar Mechanic [this message]
2005-11-10 17:28 ` Oscar Mechanic
2005-11-10 18:13 ` Oscar Mechanic
