Use the SAME target in the netfilter patch-o-matic. It works just like SNAT, but chooses the same address for the client every time.
On Sat, Mar 02, 2002 at 07:19:35PM -0800, Richard Couture wrote:
> I have a customer with 200+ employees that I have put behind an
> iptables/netfilter firewall.
>
> This customer has 128 real addresses and I wanted to NAT to 20 of them.
>
> I set up ipaliases... and all works fine with the command:
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.2.9.1-66.2.9.21
>
> HOWEVER, I have a few SSL HTTP apps that are screaming that my users'
> addresses keep changing... and then refuse my users further service.
>
> How do I make the NAT STATEFUL for any given connection ESTABLISHED or
> RELATED?

-- 
Zinx Verituse
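An added example, not part of the original thread: a small checker that reads connection-tracking entries in the /proc/net/ip_conntrack line format and reports internal clients whose connections were source-NATed to more than one public address, which is the symptom described in the question. The sample entries are constructed (the 10.0.0.x clients and the 198.51.100.7 server are assumptions; only the 66.2.9.x pool comes from the thread).

```python
import re
from collections import defaultdict

# Constructed sample entries, for illustration only. Each line carries the
# original tuple (src/dst as sent by the client) followed by the reply tuple;
# after SNAT, the reply tuple's dst is the public address the client was given.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=10.0.0.5 dst=198.51.100.7 sport=40001 dport=443 src=198.51.100.7 dst=66.2.9.3 sport=443 dport=40001 [ASSURED] use=1
tcp      6 431992 ESTABLISHED src=10.0.0.5 dst=198.51.100.7 sport=40002 dport=443 src=198.51.100.7 dst=66.2.9.17 sport=443 dport=40002 [ASSURED] use=1
tcp      6 431995 ESTABLISHED src=10.0.0.9 dst=198.51.100.7 sport=51000 dport=443 src=198.51.100.7 dst=66.2.9.8 sport=443 dport=51000 [ASSURED] use=1
tcp      6 431996 ESTABLISHED src=10.0.0.9 dst=198.51.100.7 sport=51001 dport=443 src=198.51.100.7 dst=66.2.9.8 sport=443 dport=51001 [ASSURED] use=1
udp      17 25 src=10.0.0.9 dst=10.0.0.1 sport=5353 dport=53 src=10.0.0.1 dst=10.0.0.9 sport=53 dport=5353 use=1
"""

# Matches only the address fields; sport=/dport= do not match.
ADDR = re.compile(r"\b(src|dst)=(\d+\.\d+\.\d+\.\d+)")


def public_addrs_per_client(text):
    """Map each internal source address to the set of addresses it was SNATed to."""
    seen = defaultdict(set)
    for line in text.splitlines():
        pairs = ADDR.findall(line)
        if len(pairs) < 4:
            continue  # not a complete original + reply tuple
        orig_src = pairs[0][1]
        reply_dst = pairs[3][1]
        if reply_dst != orig_src:  # source address was rewritten by NAT
            seen[orig_src].add(reply_dst)
    return dict(seen)


def unstable_clients(text):
    """Clients that appear behind more than one public address."""
    return {client: sorted(addrs)
            for client, addrs in public_addrs_per_client(text).items()
            if len(addrs) > 1}


if __name__ == "__main__":
    for client, addrs in unstable_clients(SAMPLE).items():
        print(f"{client} seen as {', '.join(addrs)}")
```

Run against the live table before and after changing the rule; an empty result means every client is consistently mapped to one address.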
