From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter@lists.netfilter.org
Subject: Re: Is there a way....
Date: Thu, 04 May 2006 21:40:54 +0200
Message-ID: <445A58C6.8060906@plouf.fr.eu.org>
In-Reply-To: <Pine.LNX.4.58.0604301836350.26623@linux.dpsims.com>

Hi,

David Sims wrote :
> 
>   I want to use Linux to do NAT between some 192.168.x.x addresses
> in a routed network on one side and a single 10.0.0.x/24 on the other
> side. I want to do one-to-one NAT but in a dynamic way... such that a
> calling address is NATed into the next available 10.0.0.x/24.... in a
> round robin sort of way... IS there a way to do this using NETFILTER??
> If not NETFILTER, then how??
> 
>   This sort of thing is common in many-to-one NAT (port-address
> translation)... but I need each call to come from a separate NATed IP
> address to support my application (TN3270 session)... It's OK to reuse
> addresses after a call (session) is complete, but each session needs to
> come from its own fixed (for the duration of the session) IP address....

If by "call" you mean a single TCP connection or UDP flow, maybe you 
could use the standard SNAT target :

iptables -t nat -A POSTROUTING <matches...> \
   -j SNAT --to $ip_range_start-$ip_range_end

The first connection will be SNATed with $ip_range_start, the next one 
$ip_range+1 and so on until $ip_range_end, then $ip_range_start again in 
a round-robin way (even if it is already used). You must ensure that 
there will never be more simultaneous connections than the number of 
available addresses in the SNAT address range. Note that consecutive 
connections from the same source address will be SNATed with different 
addresses.
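
The constraint stated in the message above (never more simultaneous connections than addresses in the SNAT range, so that each session keeps its own address) can be checked against the connection-tracking table. This is an added example, not part of the original message; the helper names, the 172.16.0.5 host and the sample `conntrack -L` lines are constructed.

```shell
#!/bin/sh
# Added example: helper names and conntrack lines are constructed.

# Dotted-quad IPv4 address -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Number of addresses in the inclusive range START..END.
range_size() {
    echo $(( $(ip_to_int "$2") - $(ip_to_int "$1") + 1 ))
}

# Read `conntrack -L` style lines on stdin; print every translated source
# address (second dst= field, i.e. the reply destination) that is carried
# by more than one ESTABLISHED TCP connection.
shared_snat_addrs() {
    awk '$1 == "tcp" && $4 == "ESTABLISHED" {
        n = 0
        for (i = 5; i <= NF; i++)
            if ($i ~ /^dst=/ && ++n == 2) { sub(/^dst=/, "", $i); seen[$i]++ }
    }
    END { for (a in seen) if (seen[a] > 1) print a }' | sort
}

# Succeeds only if the pool START..END is large enough and no address is shared.
check_pool() {
    entries=$(cat)
    size=$(range_size "$1" "$2")
    live=$(printf '%s\n' "$entries" |
        awk '$1 == "tcp" && $4 == "ESTABLISHED" { n++ } END { print n + 0 }')
    shared=$(printf '%s\n' "$entries" | shared_snat_addrs | tr '\n' ' ')
    echo "pool=$size established=$live shared=${shared:-none}"
    [ "$live" -le "$size" ] && [ -z "$shared" ]
}

# Constructed sample: two live sessions share 10.0.0.11, one entry is closing.
sample_conntrack() {
    cat <<'EOF'
tcp 6 431990 ESTABLISHED src=192.168.1.10 dst=172.16.0.5 sport=40001 dport=23 src=172.16.0.5 dst=10.0.0.10 sport=23 dport=40001 [ASSURED] mark=0 use=1
tcp 6 431985 ESTABLISHED src=192.168.1.11 dst=172.16.0.5 sport=40002 dport=23 src=172.16.0.5 dst=10.0.0.11 sport=23 dport=40002 [ASSURED] mark=0 use=1
tcp 6 431980 ESTABLISHED src=192.168.2.20 dst=172.16.0.5 sport=40003 dport=23 src=172.16.0.5 dst=10.0.0.11 sport=23 dport=40003 [ASSURED] mark=0 use=1
tcp 6 95 TIME_WAIT src=192.168.2.21 dst=172.16.0.5 sport=40004 dport=23 src=172.16.0.5 dst=10.0.0.12 sport=23 dport=40004 [ASSURED] mark=0 use=1
EOF
}

sample_conntrack | check_pool 10.0.0.10 10.0.0.12 || echo "pool check failed"
```

On a live gateway the same functions can read the output of `conntrack -L -p tcp` instead of the constructed sample.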

