From: Stephan Scholz <sscholz@astaro.com>
To: Pedro Drimel Neto <pedrodrimel@uol.com.br>
Cc: netfilter@lists.netfilter.org
Subject: Re: NTH
Date: Fri, 31 Mar 2006 12:58:05 +0200
Message-ID: <442D0B3D.70007@astaro.com>
In-Reply-To: <000501c65420$333e10b0$2f00a8c0@TRINTASETE>

Yes, that should work. Simply increase the "every" number and add a new rule.

Example for 4 hosts:

iptables -t nat -A POSTROUTING -o eth0 -d "Server Master" -m nth --counter 7 --every 4 --packet 0 -j SNAT --to-source 10.0.0.2
iptables -t nat -A POSTROUTING -o eth0 -d "Server Master" -m nth --counter 7 --every 4 --packet 1 -j SNAT --to-source 10.0.0.3
iptables -t nat -A POSTROUTING -o eth0 -d "Server Master" -m nth --counter 7 --every 4 --packet 2 -j SNAT --to-source 10.0.0.4
iptables -t nat -A POSTROUTING -o eth0 -d "Server Master" -m nth --counter 7 --every 4 --packet 3 -j SNAT --to-source 10.0.0.5

Stephan

Pedro Drimel Neto wrote:
> Hi all,
> 
> I'm using the nth module so that the IP changes on each connection.
> The scenario is:
> ---------------        --------------
> | Server with | -----> |   Server   |
> |     NTH     |        |   Master   |
> ---------------        --------------
> So, the users connect to "Server with NTH" and the .bashrc of the user
> has an ssh to "Server Master".
> "Server with NTH" has an interface, eth0, with 2 logical ones, eth0:0 and
> eth0:1
> eth0: 10.0.0.2
> eth0:0: 10.0.0.3
> eth0:1: 10.0.0.4
> Above are the rules on "Server with NTH"
> iptables -t nat -A POSTROUTING -o eth0 -d "Server Master" -m nth --counter 7 --every 3 --packet 0 -j SNAT --to-source 10.0.0.2
> iptables -t nat -A POSTROUTING -o eth0 -d "Server Master" -m nth --counter 7 --every 3 --packet 1 -j SNAT --to-source 10.0.0.3
> iptables -t nat -A POSTROUTING -o eth0 -d "Server Master" -m nth --counter 7 --every 3 --packet 2 -j SNAT --to-source 10.0.0.4
> 
> So, at each connection to "Server Master" the IP is changed.
> As NTH supports only packets 0, 1 and 2 and I need more IPs to be
> changed, if I add one more interface, does it work?
> Thanks a lot.
> 
> Regards.
> 


-- 

Stephan Scholz

sscholz@astaro.com | Development
Astaro AG | www.astaro.com | Phone +49-721-25516-0
Fax +49-721-25516-200
Amalienbadstraße 36 / Bau 33a | 76227 Karlsruhe | Germany

- PC Magazine Best of the Year 2004/2005
- CRN Best of the Year 2005
- SC Magazine "Best Buy" & 5 star rating - October 2005, Best of the Year 2005
- Internet Professionell "Empfehlung der Redaktion" - November 2005
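
Added example (not part of the original message and not netfilter's own code): a shell function that generalizes the four-host rules in the reply to any number of source addresses, using one shared counter, --every N and one rule per --packet value 0..N-1. It only prints the commands; the function name gen_nth_snat is hypothetical and 192.0.2.10 is a constructed stand-in for "Server Master".

```shell
#!/bin/sh
# gen_nth_snat COUNTER OUT_IF DEST SRC_IP SRC_IP...
# Prints (does not run) one SNAT rule per source address: a shared nth
# counter, --every N, and --packet 0..N-1, the pattern used in the reply.
gen_nth_snat() {
    if [ "$#" -lt 5 ]; then
        echo "usage: gen_nth_snat COUNTER OUT_IF DEST SRC_IP SRC_IP..." >&2
        return 2
    fi
    counter=$1 out_if=$2 dest=$3
    shift 3

    # The nth match documents counters 0-15.
    case $counter in
        [0-9]|1[0-5]) ;;
        *) echo "counter must be 0-15" >&2; return 2 ;;
    esac

    # Validate every address first so a bad one yields no partial rule set.
    # Loose check: digits and dots only, no empty octets.
    for src in "$@"; do
        case $src in
            ''|*[!0-9.]*|*..*|.*|*.)
                echo "bad source address: $src" >&2; return 2 ;;
        esac
    done

    every=$#     # one --packet slot per source address
    packet=0
    for src in "$@"; do
        printf 'iptables -t nat -A POSTROUTING -o %s -d %s -m nth' "$out_if" "$dest"
        printf ' --counter %s --every %s --packet %s' "$counter" "$every" "$packet"
        printf ' -j SNAT --to-source %s\n' "$src"
        packet=$((packet + 1))
    done
}

# Constructed sample: 192.0.2.10 stands in for "Server Master".
gen_nth_snat 7 eth0 192.0.2.10 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5
```

Because the nat table is consulted only for the first packet of a connection, the rotation happens per connection, and the rules sharing a counter have to cover every --packet value from 0 to N-1.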


