Re: [PATCH] ipt_REDIRECT: only change dest-ip if not local ip

On 16.07.2010 16:56, Jan Engelhardt wrote:
> On Friday 2010-07-16 14:49, Patrick McHardy wrote:
>>> Assume:
>>>   eth0 has these addresses:
>>>     10.1.0.1, netmask 255.255.255.0  (primary address)
>>>     10.2.0.1, netmask 255.255.255.0
>>>     10.3.0.1, netmask 255.255.255.0
>>>     10.4.0.1, netmask 255.255.255.0
>>>
>>>   and redirects from.. say.. port 80 to 8080
>>>
>>>   Connections to 10.1.0.1:80 will be redirected to 10.1.0.1:8080
>>>   But also all connections to 10.2.0.1:80, 10.3.0.1:80 and
>>>   10.4.0.1:80 will be redirected to 10.1.0.1:8080
>>>
>>>
>>> With the patch, the connection to 10.2.0.1:80 will be redirected to
>>> 10.2.0.1:8080, 10.3.0.1:80 to 10.3.0.1:8080, etc..
>>
>> OK, so basically you just want to rewrite the port number. An easier
>> way to do this without iterating through all addresses would be to
>> change userspace and the kernel so you can create REDIRECT rules
>> without the IP_NAT_RANGE_MAP_IPS flag. That won't work for forwarded
>> packets, but it's the simplest solution for the case you describe.
> 
> Isn't TPROXY the right thing here if all you want is changing the port 
> of delivery? :-)

TPROXY does more than changing the port number. Being able to
specify port-only redirect rules sounds useful to me in any
case.