* [LARTC] Source IP translation
@ 2004-09-23  3:58 Ryan Johnson
  2004-09-23 19:02 ` Corey Rogers
  0 siblings, 1 reply; 2+ messages in thread
From: Ryan Johnson @ 2004-09-23  3:58 UTC
  To: lartc

Hey everyone,

	OK, not sure if this is more appropriate on the netfilter mailing list, 
but here it goes.

This is a weird setup that is out of my company's control. We have a 
webserver setup which will be contacted by several clients with 
different IPs. All of these client IPs must be translated to the same IP. 
The problem is this all has to happen on the same box. So before the 
packet reaches the apache webserver daemon, can the kernel running on 
the webserver translate the source address?

I have tried iproute2 and iptables with no luck. Looked at netfilter 
patch-o-matic-ng and did not see anything that would help me. Is this 
even possible?

I would need something like this
iptables -A PREROUTING -i ethX -s $CLIENTIP -d $WEBSERVER -j SNAT --to $NEWCLIENTIP

but the SNAT is not supported in PREROUTING.

Any ideas? I am not familiar with iproute2, so if there is a solution could 
you post the commands?

Thank you in advance,

Ryan

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] Source IP translation
  2004-09-23  3:58 [LARTC] Source IP translation Ryan Johnson
@ 2004-09-23 19:02 ` Corey Rogers
  0 siblings, 0 replies; 2+ messages in thread
From: Corey Rogers @ 2004-09-23 19:02 UTC
  To: lartc


Source natting occurs in the POSTROUTING chain (the source NAT occurs
after the routing decisions have been made for the packet; destination
NATs, however, occur before routing decisions are made). You are currently
using PREROUTING with "-j SNAT"; iptables will exit with an error as a
result.


On Wed, 2004-09-22 at 23:58 -0400, Ryan Johnson wrote:
> Hey everyone,
> 
> 	OK, not sure if this is more appropriate on the netfilter mailing list, 
> but here it goes.
> 
> This is a weird setup that is out of my company's control. We have a 
> webserver setup which will be contacted by several clients with 
> different IPs. All of these client IPs must be translated to the same IP. 
> The problem is this all has to happen on the same box. So before the 
> packet reaches the apache webserver daemon, can the kernel running on 
> the webserver translate the source address?
> 
> I have tried iproute2 and iptables with no luck. Looked at netfilter 
> patch-o-matic-ng and did not see anything that would help me. Is this 
> even possible?
> 
> I would need something like this
> iptables -A PREROUTING -i ethX -s $CLIENTIP -d $WEBSERVER -j SNAT --to $NEWCLIENTIP
> 
> but the SNAT is not supported in PREROUTING.
> 
> Any ideas? I am not familiar with iproute2, so if there is a solution could 
> you post the commands?
> 
> Thank you in advance,
> 
> Ryan
-- 


Corey Rogers
Senior System Administrator
Wamco Technology Group Ltd (Barbados)
Building #4, Suite 103
Harbour Industrial Park, St. Michael
Phone: (246)437-3154  FAX: (246)434-8883
 

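A pre-flight check for the chain/target mismatch discussed in this thread, as an added example that is not part of either message: it reads an iptables command line and reports whether a NAT target is being used in a table and chain that accept it. The helper name `check_nat_rule` and the sample addresses are assumptions; the nat INPUT entry for SNAT reflects current kernels and is not something the thread mentions.

```shell
#!/bin/sh
# Added example: lint an iptables command line for a NAT target placed in the
# wrong table or chain. check_nat_rule is a hypothetical helper, not part of
# iptables. Pass the rule as separate arguments with variables already expanded.
check_nat_rule() {
    table=filter chain= target= prev=      # iptables defaults to the filter table
    for arg in "$@"; do
        case $prev in
            -t|--table)              table=$arg ;;
            -A|--append|-I|--insert) chain=$arg ;;
            -j|--jump)               target=$arg ;;
        esac
        prev=$arg
    done

    # Chains in which each NAT target is accepted.
    case $target in
        SNAT)          allowed="POSTROUTING INPUT" ;;  # nat INPUT: current kernels only
        MASQUERADE)    allowed="POSTROUTING" ;;
        DNAT|REDIRECT) allowed="PREROUTING OUTPUT" ;;
        *) echo "skip: '$target' is not a NAT target"; return 0 ;;
    esac

    if [ "$table" != nat ]; then
        echo "error: $target needs '-t nat' (table is '$table')"
        return 1
    fi
    case " $allowed " in
        *" $chain "*) echo "ok: $target in nat/$chain"; return 0 ;;
    esac
    echo "error: $target is not valid in nat/$chain (use: $allowed)"
    return 1
}

# Constructed sample rules using documentation addresses.
# 1) Same shape as the command in the question: no -t nat, SNAT in PREROUTING.
check_nat_rule -A PREROUTING -i eth0 -s 198.51.100.7 -d 192.0.2.10 \
    -j SNAT --to 192.0.2.99 || true
# 2) Right table, but SNAT still attached before the routing decision.
check_nat_rule -t nat -A PREROUTING -s 198.51.100.7 -d 192.0.2.10 \
    -j SNAT --to 192.0.2.99 || true
# 3) SNAT after routing, as the reply describes.
check_nat_rule -t nat -A POSTROUTING -s 198.51.100.7 -j SNAT --to 192.0.2.99 || true
```
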
