To: lartc@vger.kernel.org
Subject: Re: [LARTC] NAT/MASQ with multiple external static IPs
Date: Tue, 14 Nov 2006 13:23:40 +0000
Message-ID: <1163510620.4081.14.camel@localhost.localdomain>
In-Reply-To: <4559C167.3050300@winlink.ru>
On Tue, 14/11/2006 at 16:15 +0300, Ron McKown wrote:
> Hello everyone,
> really not sure if this is a LARTC question or not, but I have several
> hundred users all MASQ'd behind a single static IP. Users are reporting
> that certain websites are blacklisting that single static external IP
> for various reasons.
>
> What I would like to do is use several external IPs and have a MASQ'd
> user getting a random one each time.
>
> Here is a very simplified example:
>
> eth0: 1.2.3.4
> eth0:1 1.2.3.5
> eth0:2 1.2.3.6
> eth0:3 1.2.3.7
>
> eth1: 192.168.0.0/16
>
> Whereas, a user will be sent out and given one of the eth0 addresses at random.
>
> Any clue where to start looking?
# man iptables
..........
   SNAT
       This target is only valid in the nat table, in the POSTROUTING chain.
       It specifies that the source address of the packet should be modified
       (and all future packets in this connection will also be mangled), and
       rules should cease being examined. It takes one type of option:

       --to-source ipaddr[-ipaddr][:port-port]
              which can specify a single new source IP address, an inclusive
              range of IP addresses, and optionally, a port range (which is
              only valid if the rule also specifies -p tcp or -p udp). If no
              port range is specified, then source ports below 512 will be
              mapped to other ports below 512: those between 512 and 1023
              inclusive will be mapped to ports below 1024, and other ports
              will be mapped to 1024 or above. Where possible, no port
              alteration will occur.

              You can add several --to-source options. If you specify more
              than one source address, either via an address range or multiple
              --to-source options, a simple round-robin (one after another in
              cycle) takes place between these addresses.
..........
--
Покотиленко Костик <casper@meteor.dp.ua>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
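
Added example, not part of the original message: the SNAT rule the man page excerpt points to, built for the addresses in the question. The function names ip_to_int and snat_pool_rule are hypothetical helpers, and the script only prints the rule (dry run) after checking that the pool is a valid, non-reversed range.

```shell
#!/bin/sh
# Added example (not from the thread): print the SNAT rule for an address pool.
# Dry run only: the rule is printed, not installed.

# ip_to_int A.B.C.D : print the address as an integer; fail if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty octets, leading zeros and anything over three digits
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# snat_pool_rule OUT_IF INSIDE_NET FIRST_IP LAST_IP
snat_pool_rule() {
    first=$(ip_to_int "$3") || { echo "bad address: $3" >&2; return 1; }
    last=$(ip_to_int "$4")  || { echo "bad address: $4" >&2; return 1; }
    [ "$first" -le "$last" ] || { echo "range is reversed" >&2; return 1; }
    # One inclusive range in a single --to-source option. Per the man page
    # excerpt above, the address is chosen per connection: all later packets
    # of that connection keep the same source address.
    echo "iptables -t nat -A POSTROUTING -o $1 -s $2 -j SNAT --to-source $3-$4"
}

# Values from the question: eth0 carries 1.2.3.4 through 1.2.3.7 and the
# inside network on eth1 is 192.168.0.0/16.
snat_pool_rule eth0 192.168.0.0/16 1.2.3.4 1.2.3.7
```

A single address range is used here instead of repeated --to-source options because later iptables man pages state that kernels from 2.6.11-rc1 onward no longer NAT to multiple ranges.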