* SNAT every packet in a connection
From: Ashok Rao @ 2008-01-28 2:47 UTC (permalink / raw)
To: netfilter
I have 2 WAN connections on my Linux router and I'd like to do
load-balancing of packets relating to the same connection.

There are lots of examples out on the net for setting up routes and
rules to send packets to both links - and I have got those working -
however I want to NAT the source IP address of the outgoing packets
based on the packet MARK so that I can make each packet go out with the
IP address of the outgoing interface.

From whatever I've read and seen myself, the NAT table is only
traversed for the first packet of a connection. Hence packets in a
single connection will always be SNATed to the same IP; hence the
packets going out on one of the interfaces will not have the right
source IP.

I'm starting to take a look at ip_nat_core.c and ip_nat_standalone.c -
would it make sense to try to modify those to achieve what I want?

So far I've been using dumb NAT to achieve this - but it is very
primitive.

Thanks in advance.
* Re: SNAT every packet in a connection
From: Benny Amorsen @ 2008-01-28 8:27 UTC (permalink / raw)
To: netfilter
"Ashok Rao" <greatarbor@gmail.com> writes:
> From whatever I've read and seen myself, the NAT table is only
> traversed for the first packet of a connection. Hence packets in a
> single connection will always be SNATed to the same IP - Hence the
> packets going out on one of the interfaces will not have the right
> source IP.
The receiving end of the connection will be rather confused when it
gets 10 packets from 1.1.1.1 followed by 10 packets from 2.2.2.2 in
the same connection. Or rather, it should just drop the ones from
2.2.2.2.
What you want is basically impossible.
/Benny
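An added example, not code from the thread: the configuration that the conntrack behaviour discussed above does support, where the link is chosen once per connection (stored with CONNMARK) so that every packet of a flow is routed out the same interface and the single SNAT decision stays consistent with it. Interface names, addresses, gateways and routing-table numbers are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): per-connection load balancing over two WAN
# links; the SNAT address is picked by outgoing interface, and the interface is fixed
# for the whole connection, so the NAT mapping chosen on the first packet stays valid.
# Assumed names/addresses: wan0/wan1, 192.0.2.1/198.51.100.1, gateways .254, tables 101/102.
WAN0_IF=wan0; WAN0_IP=192.0.2.1;    WAN0_GW=192.0.2.254
WAN1_IF=wan1; WAN1_IP=198.51.100.1; WAN1_GW=198.51.100.254
LAN_IF=eth0

# Emit the rule set to stdout so it can be reviewed (or piped to sh) rather than
# applied blindly; nothing here touches the running system by itself.
gen_rules() {
  cat <<EOF
# Policy-routing tables: each table defaults via its own link
ip route add default via $WAN0_GW dev $WAN0_IF table 101
ip route add default via $WAN1_GW dev $WAN1_IF table 102
ip rule add fwmark 1 table 101
ip rule add fwmark 2 table 102
# mangle: copy the connection's stored mark onto every packet; only NEW connections
# get a fresh choice (alternating links), which is then saved into conntrack.
iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -i $LAN_IF -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -i $LAN_IF -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i $LAN_IF -m conntrack --ctstate NEW -m mark --mark 0 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i $LAN_IF -m conntrack --ctstate NEW -j CONNMARK --save-mark
# nat: evaluated for the first packet of the connection only, then reused from
# conntrack, so the address must follow the interface the mark routed the flow to.
iptables -t nat -A POSTROUTING -o $WAN0_IF -j SNAT --to-source $WAN0_IP
iptables -t nat -A POSTROUTING -o $WAN1_IF -j SNAT --to-source $WAN1_IP
EOF
}

gen_rules
```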
* Re: SNAT every packet in a connection
From: Ashok Rao @ 2008-01-28 17:44 UTC (permalink / raw)
To: netfilter
I should have explained in my original posting that this is for a
point-to-point application. I have a server at the other end (the
receiving end of the connection) which will receive these packets, make
the source IP the same and deliver to the LAN.

And as I said - I am already doing this today - albeit with many caveats such as
a) Point-to-point load-balancing only (remote to central site)
b) Currently handle only one host in remote site
> "Ashok Rao" <greatarbor@gmail.com> writes:
>> From whatever I've read and seen myself, the NAT table is only
>> traversed for the first packet of a connection. Hence packets in a
>> single connection will always be SNATed to the same IP - Hence the
>> packets going out on one of the interfaces will not have the right
>> source IP.
> The receiving end of the connection will be rather confused when it
> gets 10 packets from 1.1.1.1 followed by 10 packets from 2.2.2.2 in
> the same connection. Or rather, it should just drop the ones from
> 2.2.2.2.
> What you want is basically impossible.
> /Benny