On Sat, Mar 02, 2002 at 05:15:22PM -0500, [EMAIL PROTECTED] wrote:
> NAT is already stateful.
>
> Problem is, HTTP is not.
>
> Thus, you have a second connection from the same client going to the same
> server, which is NOT "related" to a previous one.
>
> Solution: Just NAT to one IP and be done with it. ;)

Or, break down the internal addresses into 20 (or whatever number of aliases
you have) and SNAT them accordingly.

Ramin

>
> -alex
>
>
> On Sat, 2 Mar 2002, Richard Couture wrote:
>
> > I have a customer with 200+ employees that I have put behind an
> > iptables/netfilter firewall.
> >
> > This customer has 128 real addresses and I wanted to NAT to 20 of them.
> >
> > I set up ipaliases... and all works fine with the command:
> > iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 66.2.9.1-66.2.9.21
> >
> > HOWEVER, I have a few SSL HTTP apps that are screaming that my users'
> > addresses keep changing... and then refuse my users further service.
> >
> > How do I make the NAT STATEFUL for any given connection ESTABLISHED or
> > RELATED?
> >
> > Richard
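
The split suggested in the reply above, shown as an added example that is not part of the original thread: it prints (does not apply) one SNAT rule per contiguous block of internal hosts, so each client always leaves from the same public alias. The internal range 192.168.1.1-254, the function name `snat_rules` and the use of the `iprange` match are assumptions; the public prefix and `eth0` come from the quoted command.

```shell
#!/bin/sh
# Added example: generate per-block SNAT rules for review.
# Assumed (not from the thread): internal LAN 192.168.1.1-254.
# From the thread: public aliases under 66.2.9.x, outbound interface eth0.

# snat_rules LAN_PREFIX FIRST LAST PUB_PREFIX PUB_FIRST PUB_COUNT IFACE
# Splits hosts FIRST..LAST into at most PUB_COUNT contiguous blocks and
# prints one rule per block, each pinned to a single public address.
snat_rules() {
    lan=$1 first=$2 last=$3 pub=$4 pub_first=$5 count=$6 ifc=$7
    total=$((last - first + 1))
    # Reject an empty host range or a non-positive alias count.
    if [ "$total" -lt 1 ] || [ "$count" -lt 1 ]; then
        return 1
    fi
    # Ceiling division: number of internal hosts per public address.
    size=$(( (total + count - 1) / count ))
    i=0
    lo=$first
    while [ "$lo" -le "$last" ] && [ "$i" -lt "$count" ]; do
        hi=$((lo + size - 1))
        # The final block may be shorter than the others.
        if [ "$hi" -gt "$last" ]; then
            hi=$last
        fi
        echo "iptables -t nat -A POSTROUTING -o $ifc -m iprange" \
             "--src-range $lan.$lo-$lan.$hi -j SNAT --to-source $pub.$((pub_first + i))"
        i=$((i + 1))
        lo=$((hi + 1))
    done
}

# 254 assumed internal hosts spread over 20 public aliases.
snat_rules 192.168.1 1 254 66.2.9 1 20 eth0
```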