On Thu, Oct 27, 2016 at 10:02 AM, Rui Santos <[email protected]> wrote:
> Hi all,
>
> I'm currently using NAT to provide basic address translation from
> private to public IPs.
>
> However, the Linux kernel uses both destination IP and port as part of
> its NAT mapping process. This way (client1 and client2 are on the
> same internal network):
> - if client1 connects to server1 using source port X, the NAT will be
>   mapped: client1IP:SourcePortX -> server1IP:SourcePortX;
> - if client2 then connects to server2 using source port X, the NAT
>   will be mapped: client2IP:SourcePortX -> server2IP:SourcePortX.
> Basically, SourcePortX is used on both mappings for client1 and client2.
>
> But, if client2 tries to connect to server1 instead, using the same
> source port X, the NAT will be mapped: client2IP:SourcePortX ->
> server2IP:SourcePortY
> SourcePortY will be an available (randomly generated?) ephemeral port.
>
> My goal is to force this behavior on all outgoing connections. This
> way I would get a unique egress port mapping to an internal IP:Port at
> a specific point in time:
> - if client1 connects to server1 using source port X, the NAT will be
>   mapped: client1IP:SourcePortX -> server1IP:SourcePortX;
> - if client2 then connects to server2 using source port X, the NAT
>   will be mapped: client2IP:SourcePortX -> server2IP:SourcePortY.
> SourcePortY will be an available (randomly generated?) ephemeral port.
>
> I am aware that this will imply a concurrent NAT connections limit,
> equal to the ephemeral port range, per egress IP.
>
> Is there any way I can accomplish this kind of behaviour?

I believe that you should be asking that on the #netfilter mailing list.
AFAIK I think it is feasible to do (perhaps even without programming, using netfilter).

> Thanks for all your help,
> --
> Rui Santos
> Veni, Vidi, Linux
>
> _______________________________________________
> Kernelnewbies mailing list
> [email protected]
> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

--
Simplicity is the ultimate sophistication
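The two port-selection policies discussed above, modelled as an added example (this is not code from the thread or from netfilter): the default conntrack-style rule only requires the reply tuple to be unique, so egress port X can be shared towards different servers, while the strict rule the poster wants ties each egress port to a single internal IP:port and therefore caps concurrency at the size of the port range. Addresses, the three-port "ephemeral" range and the flows in `demo()` are constructed.

```python
# Toy SNAT table contrasting the default conntrack-style port choice the poster
# describes with the strictly unique egress port he wants. Added example, not code
# from the thread or from netfilter; addresses, the three-port "ephemeral" range
# and the flows in demo() are constructed so that exhaustion shows quickly.

EPHEMERAL = range(40000, 40003)   # constructed: 3 egress ports


class Snat:
    """Active flows keyed by the translated tuple (egress_port, (dst_ip, dst_port))."""

    def __init__(self, strict):
        self.strict = strict   # False: default behaviour; True: one egress port per internal IP:port
        self.flows = {}        # (egress_port, dst) -> (src_ip, src_port)

    def _usable(self, port, dst):
        if self.strict:
            # Poster's goal: an egress port names exactly one internal IP:port at a time,
            # whatever the destination is.
            return all(p != port for (p, _d) in self.flows)
        # Default: only the reply tuple (dst -> egress_ip:port) must be unique, so the
        # same egress port may be reused towards a different destination.
        return (port, dst) not in self.flows

    def add(self, src, dst):
        """Map src=(ip, port) -> dst=(ip, port). Returns the egress port, or None when exhausted."""
        # Like the kernel, first try to keep the original source port, then fall back to the range.
        for port in [src[1]] + [p for p in EPHEMERAL if p != src[1]]:
            if self._usable(port, dst):
                self.flows[(port, dst)] = src
                return port
        return None   # the per-egress-IP concurrency limit the poster anticipates

    def capacity_left(self):
        """Egress ports in the range not yet held by any flow."""
        return len(set(EPHEMERAL) - {p for (p, _d) in self.flows})


def demo(strict):
    """Replays the thread's scenario: two clients share source port X=40000."""
    c1, c2 = ("10.0.0.1", 40000), ("10.0.0.2", 40000)
    s1, s2 = ("203.0.113.1", 80), ("203.0.113.2", 80)
    nat = Snat(strict)
    return [nat.add(c1, s1), nat.add(c2, s2), nat.add(c2, s1), nat.add(c1, s2)]


if __name__ == "__main__":
    print("default:", demo(False))   # egress port X shared towards different servers
    print("strict: ", demo(True))    # unique egress ports; the fourth flow is refused
```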
