Hi,

On Monday 13 February 2006 22:01, Khoa Nguyen wrote:
> Before the 2.6.11 kernel, the SNAT box was mapping every new socket from
> the Client to a new source IP address. With this, I was able to
> simulate several thousand "virtual" clients. Now with the new
> behaviour, every socket from the Client to the Server is mapped to the
> same random but fixed source IP address. I am sure the new NAT
> implementation is better and cleaner than the old one, but it also
> takes away a nice round-robin feature per socket. Is there any way I
> can achieve the previous behaviour without modifying the kernel source
> code :-( or downgrading to a pre-2.6.11 kernel? (I am writing some
> ip_conntrack/ip_nat modules based on the new 2.6.11+ API, so
> downgrading the kernel is going to be painful)

I see. Well, I don't think this is possible without modifying the kernel
source. However, you could try either modifying the client to use different
IP addresses (by configuring a few thousand IP addresses to the client and
having the client bind() to different IP addresses), or modifying the kernel
to do what you'd like. I think both of these should be relatively easy (in
case you have access to the client source code).

About the kernel: take a look at find_best_ips_proto() in ip_nat_core.c. At
the end of the function there's a jhash_2words() call; this is responsible
for choosing an IP inside the address range specified. You could easily
modify it to produce a hash value based on the (src, src port, dst) tuple
instead of just (src, dst).

-- 
KOVACS Krisztian
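
A userspace model of the hashing change suggested in the reply above, added here as an illustration; it is not part of the original message and not kernel code. The mixer is a stand-in for jhash_2words(), and the helper names, addresses and port range are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in 32-bit mixer (MurmurHash3 finalizer); NOT the kernel's jhash. */
static uint32_t fmix32(uint32_t h)
{
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    h ^= h >> 16;
    return h;
}

/* Hypothetical helper: hash three words; pass 0 for an unused word. */
static uint32_t mix3(uint32_t a, uint32_t b, uint32_t c)
{
    return fmix32(fmix32(fmix32(a) + b) + c);
}

/* Map a hash value onto an address in [minip, maxip] (host byte order). */
static uint32_t pick_ip(uint32_t hash, uint32_t minip, uint32_t maxip)
{
    return minip + hash % (maxip - minip + 1);
}

/* Count distinct SNAT addresses chosen for nports consecutive source ports.
 * use_sport = 0 models hashing (src, dst); 1 models (src, src port, dst). */
static unsigned distinct_ips(uint32_t src, uint32_t dst, uint32_t minip,
                             uint32_t maxip, unsigned nports, int use_sport)
{
    unsigned char seen[256] = {0};
    unsigned count = 0;

    if (maxip < minip || maxip - minip >= 256)
        return 0;                       /* model supports ranges up to 256 */
    for (unsigned i = 0; i < nports; i++) {
        uint32_t sport = 32768 + i;     /* constructed ephemeral ports */
        uint32_t h = use_sport ? mix3(src, sport, dst) : mix3(src, dst, 0);
        uint32_t idx = pick_ip(h, minip, maxip) - minip;
        if (!seen[idx]) { seen[idx] = 1; count++; }
    }
    return count;
}

int main(void)
{
    /* Constructed sample: client 192.168.1.10, server 10.0.0.1,
     * SNAT range 10.1.0.0-10.1.0.255. */
    uint32_t src = 0xC0A8010Au, dst = 0x0A000001u;
    uint32_t lo = 0x0A010000u, hi = 0x0A0100FFu;
    printf("(src, dst): %u address(es)\n", distinct_ips(src, dst, lo, hi, 1000, 0));
    printf("(src, sport, dst): %u address(es)\n", distinct_ips(src, dst, lo, hi, 1000, 1));
    return 0;
}
```

With the source port left out of the hash, every connection from one client to one server lands on a single address in the range; including it spreads the connections across the range.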