On 02/04/09 08:36, Michael Schuster wrote: > all, > > in the current version of the CLI specs, NAT proxy src addresses are > specified per servergroup, thus: > > create-servergroup [-s server=hostspec[:portspec...]] \ > [-i interface=name|proxy-src=src] groupname > > From all I understand (and this quite likely needs correcting ;-) this > information should be given on a *per-rule* basis; given the fact that we > can have more than one rule created using the same servergroup, the current > spec directly conflicts with that requirement (there's also the tiny fact > that the current kernel code expects this information in the rule, not with > individual servers :-) > > so, provided I'm not confusing two different concepts here, I propose to > move the proxy-src specification to rule creation, eg sth like this: > > create-rule [-e] -i <incoming> -m <method attributes> \ > -o <outgoing spec> [-h <healthcheck> ] name > > ... > > -m > type aka topology: "DSR", "half-NAT", "NAT" > ... > proxy-src (NAT only): ip[-ip] > replace incoming packets' src address, > or a range of hosts (if second ip is given) > > > thx > Michael >
I dont have a problem with that.
