Re: [LARTC] NAT/MASQ with multiple external static IPs
Покотиленко Костик wrote:
> I don't think so. You should (need) use either -j MASQUERADE or -j SNAT.
> MASQUERADE is almost the same as SNAT; it is more convenient for NAT'ing on
> ppp interfaces where there is a different IP on each connect, that's why it
> doesn't have a --to-source option (it takes the address from the outgoing
> interface). The correct way would probably be:
>
> iptables -A POSTROUTING -t nat -s 1.2.3.4 -o eth0 -j SNAT --to-source 1.2.3.5-1.2.3.7
>
> OR
>
> iptables -A POSTROUTING -t nat -s 1.2.3.4 -o eth0 -j SNAT --to-source 1.2.3.5 --to-source 1.2.3.6 --to-source 1.2.3.7

I understand, so outbound packets will be converted to the (--to-source) address on the way out. But how will packets coming back in find their way back to the original client?

For example, if I had this rule:

iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j SNAT --to-source 1.2.3.4

then sure, a packet from IP 192.168.0.50 goes out just fine. But then I would need a DNAT rule to send packets back to that internal IP address. How would that work? Am I looking at this the right way?

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
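The question above (how replies find their way back without a DNAT rule) is answered by connection tracking: the kernel records, for each NEW connection, the original and the translated 4-tuple and reverse-translates replies from that table. The toy model below is an added illustration of that bookkeeping for SNAT with a --to-source range, written for this thread and not code from netfilter or from either poster; the class name SnatBox, the addresses 1.2.3.4-1.2.3.7 / 192.168.0.0/16 from the thread, the remote address 203.0.113.9 and all ports are constructed values.

```python
# Toy model of the conntrack bookkeeping behind SNAT --to-source a-b.
# Constructed example for this thread, not netfilter code.
from collections import deque
from itertools import chain
import ipaddress
from typing import Dict, Optional, Tuple

Tuple4 = Tuple[str, int, str, int]  # (src ip, src port, dst ip, dst port)


def _port_band(port: int) -> range:
    """Range SNAT picks a replacement port from, per the iptables man page."""
    if port < 512:
        return range(1, 512)
    if port < 1024:
        return range(1, 1024)
    return range(1024, 65536)


class SnatBox:
    """Round-robin SNAT over an address range plus a reverse table for replies."""

    def __init__(self, internal_net: str, to_source: str) -> None:
        self.internal = ipaddress.ip_network(internal_net)
        lo, _, hi = to_source.partition("-")
        first, last = int(ipaddress.ip_address(lo)), int(ipaddress.ip_address(hi or lo))
        self.pool = deque(str(ipaddress.ip_address(i)) for i in range(first, last + 1))
        self.forward: Dict[Tuple4, Tuple[str, int]] = {}  # original tuple -> (ext ip, ext port)
        self.reverse: Dict[Tuple4, Tuple4] = {}           # (ext ip, ext port, dst, dport) -> original

    def outbound(self, src: str, sport: int, dst: str, dport: int) -> Tuple4:
        key = (src, sport, dst, dport)
        if ipaddress.ip_address(src) not in self.internal:
            return key                           # -s does not match: packet left alone
        if key not in self.forward:              # NEW connection: allocate a mapping
            ext_ip = self.pool[0]
            self.pool.rotate(-1)                 # simple round-robin over the range
            # keep the source port where possible, else first free port in its band
            ext_port = next(p for p in chain([sport], _port_band(sport))
                            if (ext_ip, p, dst, dport) not in self.reverse)
            self.forward[key] = (ext_ip, ext_port)
            self.reverse[(ext_ip, ext_port, dst, dport)] = key
        ext_ip, ext_port = self.forward[key]     # ESTABLISHED: reuse the same mapping
        return (ext_ip, ext_port, dst, dport)

    def inbound(self, src: str, sport: int, dst: str, dport: int) -> Optional[Tuple4]:
        """Reply packet: undo the SNAT from the tracked state; no DNAT rule involved."""
        orig = self.reverse.get((dst, dport, src, sport))
        if orig is None:
            return None                          # no tracked connection: not translated
        return (src, sport, orig[0], orig[1])
```

A fifth new connection wraps around to 1.2.3.4, where port 40000 is already in use, so it is given the first free port in the 1024+ band, and its reply is still matched back to the right internal host.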
Re: [LARTC] NAT/MASQ with multiple external static IPs
On Tue, 14/11/2006 at 16:15 +0300, Ron McKown wrote:
> Hello everyone,
> really not sure if this is a LARTC question or not, but I have several
> hundred users all MASQ'd behind a single static IP. Users are reporting
> that certain websites are blacklisting that single static external IP
> for various reasons.
>
> What I would like to do is use several external IP's and have a MASQ'd
> user getting a random one each time.
>
> Here is a very simplified example:
>
> eth0:   1.2.3.4
> eth0:1  1.2.3.5
> eth0:2  1.2.3.6
> eth0:3  1.2.3.7
>
> eth1:   192.168.0.0/16
>
> Whereas, a user will be sent out and given one of the eth0 addresses at random.
>
> Any clue where to start looking?

# man iptables
..
SNAT
    This target is only valid in the nat table, in the POSTROUTING chain. It specifies that the source address of the packet should be modified (and all future packets in this connection will also be mangled), and rules should cease being examined. It takes one type of option:

    --to-source ipaddr[-ipaddr][:port-port]
        which can specify a single new source IP address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specifies -p tcp or -p udp). If no port range is specified, then source ports below 512 will be mapped to other ports below 512: those between 512 and 1023 inclusive will be mapped to ports below 1024, and other ports will be mapped to 1024 or above. Where possible, no port alteration will occur.

    You can add several --to-source options. If you specify more than one source address, either via an address range or multiple --to-source options, a simple round-robin (one after another in cycle) takes place between these addresses.
..

--
Покотиленко Костик <[EMAIL PROTECTED]>
[LARTC] NAT/MASQ with multiple external static IPs
Hello everyone,
really not sure if this is a LARTC question or not, but I have several hundred users all MASQ'd behind a single static IP. Users are reporting that certain websites are blacklisting that single static external IP for various reasons.

What I would like to do is use several external IP's and have a MASQ'd user getting a random one each time.

Here is a very simplified example:

eth0:   1.2.3.4
eth0:1  1.2.3.5
eth0:2  1.2.3.6
eth0:3  1.2.3.7

eth1:   192.168.0.0/16

Whereas, a user will be sent out and given one of the eth0 addresses at random.

Any clue where to start looking?

Thanks!
Ron
[EMAIL PROTECTED]