On 2019-04-28, Rachel Roch <[email protected]> wrote:
> Hi,
>
> I've read the delightful manual but it's a little terse in this area, so I
> hope some knowledgeable soul can enlighten me:
>
> 1) Looking at tcpdumps, I've noticed (on 6.5 have no prior experience with
> nat-to random to compare against) that 'random' seems to operate more like
> 'round-robin' (e.g. if I send traffic, pause, send traffic again it just
> loops through the IP pool in order).

Unsure about this.

> 2) I'm unclear when 'sticky-address' should be appended to random ? In my
> mind I'm thinking about, say, "secure websites" which may track your
> (apparent) source-IP during the time you are logged in, and if it changes you
> could be booted out. Or am I overthinking things and 'sticky-address' is
> potentially less useful than I think it might be ?

Yes this is definitely still a problem in some cases. In particular some
banks (and some other sites) restrict sessions to a single source IP.

> Finally, is there any reason why there isn't (yet?) a more intelligent
> mapping ? (e.g. similar to the options in LACP ... e.g. source plus
> destination, not just source).

I've not seen that suggested before. I imagine tracking source+destination
would be a huge drain on memory though (and might not help in many
situations which want a "sticky" address).
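
Added example, not part of the original mail: a pf.conf fragment showing the pool options discussed in this thread, with 'random' alone beside 'random sticky-address'. The macro names, the internal network and the 198.51.100.0/28 pool (a documentation range) are constructed placeholders, and the one-hour src.track value is an assumption, not a recommendation from the thread.

```conf
# Constructed example: networks and addresses below are placeholders.
int_net  = "10.0.0.0/24"       # internal clients (assumed)
nat_pool = "198.51.100.0/28"   # translation address block (documentation range)

# By default a sticky-address association is dropped as soon as no states
# refer to it. Keep it for an hour after the source's last state expires so
# a logged-in but idle client resumes from the same translated address.
set timeout src.track 3600

# 'random' alone: every new connection picks its own address from the
# block, so one client can appear from several source IPs during a session.
# match out on egress inet from $int_net to any nat-to $nat_pool random

# 'random sticky-address': the first address chosen for a source is recorded
# in the source-tracking table and reused for that source's later connections.
match out on egress inet from $int_net to any nat-to $nat_pool random sticky-address

# Alternative with no tracking table: the translated address is derived from
# a hash of the source address, so a given source always gets the same one.
# match out on egress inet from $int_net to any nat-to $nat_pool source-hash
```

The ruleset can be syntax-checked with `pfctl -nf` before loading, and `pfctl -sS` lists the source-tracking entries that sticky-address creates.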

