> > I understand that we can extend the current DNAT feature to include > DNAT:port. But is there is a use case where you want to use this? Any > extensions of the NAT table can be better designed if we understand the > end use-case for it. If not, I will just take a look at the first version of the > series. > >
> Because of public ip restrictions , I have different private IPs sharing a single > outbound internet IP. > The VMs with different private IPs will run different services(e.g. web, email, > dns service). > I think this would also help from a security perspective. By sending legitimate ports to one location and default other ports to a honeypot or something, then one form of intrusion detection could be performed. I am still coming up to speed on OVS/OVN, but would also like this somewhere in the distributed routing/switching path. So don't know if this is already available or not. Maybe this would be part of the upcoming SFC functionality. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
