* SNAT and obsolete SAME
@ 2009-05-31 18:02 Marek Kierdelewicz
0 siblings, 0 replies; only message in thread
From: Marek Kierdelewicz @ 2009-05-31 18:02 UTC (permalink / raw)
To: netfilter
Hello,
SAME target has been marked obsolete and removed from netfilter some
time ago. Searching mailing list archives I have found some claims that
SNAT with address range specified behaves like SAME. Can anyone confirm
following rule working the way I think it should (to be compatible with
SAME behaviour)?
rule:
iptables -t nat -j SNAT --to 80.80.80.0-80.80.80.10 -s 192.168.0.0/24
1) Let's assume 192.168.0.10 connects to news.google.com. Outgoing
connection is SNATted to 80.80.80.1.
2) While previous connection is in ESTABLISHED state, 192.168.0.10
connects to yahoo.com. Connection is SNATted to 80.80.80.1.
3) Sleep 1000, after that host 192.168.0.10 has no connections in
ESTABLISHED state.
4) Host 192.168.0.10 one again connects to news.google.com. Outgoing
connection may be SNATted to address other then 80.80.80.1.
Should current implementation of SNAT target work according to above
scenario?
Cheers,
Marek Kierdelewicz
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2009-05-31 18:02 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-05-31 18:02 SNAT and obsolete SAME Marek Kierdelewicz
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.