Mad Scientist wrote:
According to the great words of Frank Stollar:
Another admin wrote a user-space SNAT proxy
running on the server; the server will see the client's fake outside
IP and the Steam Ticket is valid for the people now.
Any idea where I can find this?
This special solution was coded by an admin of our servers and a good
friend of mine. It is a very special solution because the masq for
2500 clients uses dynamic IP allocation per user. Therefore the SNAT
proxy on the server queries the masq via a module for which external IP that
specific client has and maps that IP as SNAT to the packets sent to the
server. The next problem was that this SNAT proxy has to be implemented
in user-space and not kernel-space. If you wish, I can get you his email
address; he would surely publish his code under the GPL.
This may be helpful for other people but surely it must be rewritten to
their personal needs. And if you use a plain NAT that would be overkill,
as iptables has a better method of static SNAT translation, as Marques
already pointed out.
But he is wrong, as POSTROUTING is no solution at all, because the packets
must be altered _before_ they reach your server. PREROUTING would be the
right chain. But SNAT does not work in the PREROUTING chain :-/
To circumvent that behaviour you must set up another pseudo interface
and route your internal traffic through that interface. Then you can use
POSTROUTING on that pseudo interface and get SNAT working.
Well, indeed that is somehow the same procedure as the user-space SNAT
is using, but without the overkill of dynamic IP NAT.
Hope I enlightened you,
Frank
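The rewrite step the message describes (look up the client's external IP, put it in as the packet's source address before the server sees it) is sketched below as an added example; it is not the admin's code. The `MASQ_TABLE` lookup, the addresses, the ports and all function names are assumptions made for illustration, and only IPv4/UDP is handled.

```python
import ipaddress
import struct

# Constructed stand-in for the masq module's answer: internal client IP ->
# external IP currently allocated to that client (documentation addresses).
MASQ_TABLE = {"10.0.0.17": "198.51.100.23"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src: bytes, dst: bytes, udp: bytes) -> int:
    """UDP checksum over the pseudo-header (which includes both IPs) + segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, 17, len(udp))
    return checksum(pseudo + udp) or 0xFFFF

def snat(packet: bytes, lookup=MASQ_TABLE.get) -> bytes:
    """Replace the source IP of an IPv4/UDP packet with the client's external IP."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("this sketch handles IPv4/UDP only")
    total_len = struct.unpack("!H", packet[2:4])[0]
    inner = str(ipaddress.IPv4Address(packet[12:16]))
    outer = lookup(inner)
    if outer is None:  # never forward a packet with an unmapped source
        raise KeyError(f"no external IP allocated for {inner}")
    new_src = ipaddress.IPv4Address(outer).packed
    hdr = bytearray(packet[:ihl])
    hdr[12:16], hdr[10:12] = new_src, b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    udp = bytearray(packet[ihl:total_len])
    if udp[6:8] != b"\x00\x00":  # an all-zero field means the sender used no checksum
        udp[6:8] = b"\x00\x00"
        udp[6:8] = struct.pack("!H", udp_checksum(new_src, bytes(hdr[16:20]), bytes(udp)))
    return bytes(hdr + udp)

def build_sample(src: str, dst: str, payload: bytes) -> bytes:
    """Build a constructed IPv4/UDP test packet (ports are arbitrary)."""
    s, d = (ipaddress.IPv4Address(a).packed for a in (src, dst))
    udp = struct.pack("!HHHH", 40000, 27015, 8 + len(payload), 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_checksum(s, d, udp)) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, s, d)
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + udp
```

Both checksums have to be recomputed because the UDP checksum covers a pseudo-header containing the source address; a packet with only the IP header fixed up would be dropped by the receiving stack.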