/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
Davids, Noah wrote: > OK, I've read several HOW-TOS, read through message archives and I am still > lost. I am not even sure if IP Masquerading is the best solution to my > problem. > > First my problem, I am trying to simulate several thousand hosts with just a > few hosts. The purpose is to test a server (not a Linux system) with a large > number of connections to individual hosts (as opposed to the same host) and > also a large routing table (each host will have its own host route, don't > ask it is the way it has to be). > > I thought I could configure IP Masquerading so that it would translate the > destination addresses of my 3,000 hosts to a single or small number of hosts > to act as the other end of the connection. (Yes, I know I have sort of turn > around client and server here but once the connection is established it will > not matter for my testing). > > I have a Linux system with 2 interfaces, 10.1.1.62 and 172.16.1.62. My > "server" is 172.16.1.203 with a route indicating that 172.16.1.62 is the > gateway for 10.1/16. > > On the Linux system I did the following: > ipchains -A forward -d 10.1.0.0/16 -j MASQ -m 1 > ipmasqadm mfw -A -m 1 -r 10.1.1.13 2323 > > resulting in: > # ipchains -L > Chain input (policy ACCEPT): > Chain forward (policy ACCEPT): > target prot opt source destination ports > MASQ all ------ anywhere 10.1.0.0/16 n/a > Chain output (policy ACCEPT): > > # ipmasqadm mfw -L > fwmark rediraddr rport pcnt pref > 1 10.1.1.13 2323 10 10 > > When, from my server, I connect to 10.1.1.13, Masking works. That is > 10.1.113 sees a connection from 10.1.1.62 while 172.16.1.203 sees a > connection 10.1.1.13. However, 10.1.113 actually exists. If I try to connect > to 10.1.1.14, which does not exist, what I see is 10.1.162 ARPing 10.1.1.14 > instead of going to 10.1.1.13. what's 10.1.113? is it a typo if 10.1.1.13? > I assume that I am misunderstanding what the -r means in the ipmasqadm > command. the problem might be that you are mfw forwarding in the same direction as you are masquerading. i think it is intended that they operate in opposite directions (this is at least true for ipmasqadm portfw). > Can IP Masquerading do this, if so how, if not is there something that can? you could try the iproute2 package. just about any kind of packet mangling is possible with it. you could also try iptables on a 2.4 kernel. it also allows all manner of packet munging (with a nicer interface). > Oh yes, I am running Red Hat 6.2 with ipmasqadm 0.4.2-4 raf _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
