On Mon, 1 May 2006, Rob Sterenborg wrote:
Hi,
I want to use Linux to do NAT between some 192.168.x.x addresses
in a routed network on one side and a single 10.0.0.x/24 on the other
side. I want to do one-to-one NAT but in a dynamic way... such that a
calling address is NATed into the next available 10.0.0.x/24.... in a
round robin sort of way... Is there a way to do this using NETFILTER??
If not NETFILTER, then how??
This sort of thing is common in many-to-one NAT (port-address
translation)... but I need each call to come from a separate NATed IP
address to support my application (TN3270 session)... It's OK to reuse
addresses after a call (session) is complete, but each session needs
to come from its own fixed (for the duration of the session) IP
address....
The exact application that I am trying to support is connecting to
an IBM mainframe from random hosts in a routed network via an
Attachmate gateway where calling addresses are mapped into terminal
sessions on a 1:1 basis.... Port address translation won't work
because all calls appear to emanate from the single IP address.... I
need to do 1:1 NAT but only on a temporary basis where once a call is
complete the NAT address can be used by another caller...
Clues? Suggestions? Examples?
Have you tried the NETMAP target? Using NETMAP I don't see a reason to
have to reuse IP addresses for NAT because you can NAT a complete subnet
1:1 with NETMAP.
http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-NETMAP
Perhaps I'm reading this incorrectly, but, I get the impression this is
not a 1:1 NAT setup, but a reverse masq type setup, comes from the original
poster's statement:
Port address translation won't work
because all calls appear to emanate from the single IP address.... I
need to do 1:1 NAT but only on a temporary basis where once a call is
complete the NAT address can be used by another caller...
As I read this it comes off not as 1:1 NAT but masq as mentioned. What am
I reading incorrectly or interpreting wrong here?
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
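Added example, not part of the original thread: a small Python model of the static mapping NETMAP performs (network bits replaced, host bits kept), run against caller addresses from several 192.168.x.0/24 subnets to show where they would land in a single 10.0.0.0/24. The caller addresses and function names are constructed for illustration.

```python
import ipaddress

def netmap(addr, to_net):
    """Map addr as NETMAP does: keep the host bits, replace the network bits."""
    net = ipaddress.ip_network(to_net)
    host_bits = int(ipaddress.ip_address(addr)) & int(net.hostmask)
    return str(ipaddress.ip_address(int(net.network_address) | host_bits))

def find_collisions(sources, to_net):
    """Return {mapped_address: [sources]} for every mapped address shared
    by more than one source, i.e. where the mapping is no longer 1:1."""
    mapped = {}
    for src in sources:
        mapped.setdefault(netmap(src, to_net), []).append(src)
    return {dst: srcs for dst, srcs in mapped.items() if len(srcs) > 1}

# Constructed sample callers spread over several routed 192.168.x.0/24 subnets.
CALLERS = [
    "192.168.1.5",
    "192.168.1.20",
    "192.168.2.5",
    "192.168.7.20",
    "192.168.3.9",
]

if __name__ == "__main__":
    for src in CALLERS:
        print(f"{src:>15} -> {netmap(src, '10.0.0.0/24')}")
    for dst, srcs in find_collisions(CALLERS, "10.0.0.0/24").items():
        print(f"collision on {dst}: {', '.join(srcs)}")
```

The mapping is fixed by the host bits and is independent of sessions, so it stays 1:1 only while the source side is a single subnet of the same size as the target.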