Hi,
David Sims wrote:
I want to use Linux to do NAT between some 192.168.x.x addresses
in a routed network on one side and a single 10.0.0.x/24 on the other
side. I want to do one-to-one NAT but in a dynamic way... such that a
calling address is NATed into the next available 10.0.0.x/24.... in a
round robin sort of way... IS there a way to do this using NETFILTER??
If not NETFILTER, then how??
This sort of thing is common in many-to-one NAT (port-address
translation)... but I need each call to come from a separate NATed IP
address to support my application (TN3270 session)... It's OK to reuse
addresses after a call (session) is complete, but each session needs to
come from its own fixed (for the duration of the session) IP address....
If by "call" you mean a single TCP connection or UDP flow, maybe you
could use the standard SNAT target:
iptables -t nat -A POSTROUTING <matches...> \
-j SNAT --to $ip_range_start-$ip_range_end
The first connection will be SNATed with $ip_range_start, the next one
$ip_range_start+1 and so on until $ip_range_end, then $ip_range_start again in
a round-robin way (even if it is already used). You must ensure that
there will never be more simultaneous connections than the number of
available addresses in the SNAT address range. Note that consecutive
connections from the same source address will be SNATed with different
addresses.
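An added example (not from the post or from the netfilter project) that builds the round-robin SNAT rule described above and checks the caveat in the reply: the pool must hold at least as many addresses as there will be simultaneous sessions. The interface name, the 192.168.0.0/16 source match, the pool bounds and the conntrack listing are assumptions; the listing is constructed sample data in the format `conntrack -L` prints, where the second `dst=` on a line is the reply tuple's destination, i.e. the SNATed source address.

```shell
#!/bin/sh
# Convert a dotted-quad IPv4 address to a 32-bit integer (subshell keeps IFS local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Number of addresses in the inclusive SNAT pool $1-$2.
pool_size() {
    echo $(( $(ip2int "$2") - $(ip2int "$1") + 1 ))
}

# Succeed only if the pool $1-$2 can give $3 simultaneous sessions their own address.
pool_fits() {
    [ "$(pool_size "$1" "$2")" -ge "$3" ]
}

# Print (do not run) the POSTROUTING rule: sessions from the assumed 192.168.0.0/16
# side leaving via interface $3 are SNATed round-robin into the pool $1-$2.
snat_rule() {
    printf 'iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o %s -j SNAT --to %s-%s\n' \
        "$3" "$1" "$2"
}

# Count entries of a conntrack -L listing (stdin) whose reply destination, i.e. the
# SNATed address, lies in the pool $1-$2: how many pool addresses are in use right now.
count_in_use() {
    lo=$(ip2int "$1"); hi=$(ip2int "$2"); n=0
    for addr in $(awk '{k=0; for(i=1;i<=NF;i++) if($i ~ /^dst=/ && ++k==2) print substr($i,5)}'); do
        v=$(ip2int "$addr")
        [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ] && n=$((n+1))
    done
    echo "$n"
}

# Constructed sample listing (not a real capture): two TN3270-style sessions SNATed
# into 10.0.0.10 and 10.0.0.11, plus one unrelated DNS flow outside the pool.
SAMPLE_CONNTRACK='tcp 6 431990 ESTABLISHED src=192.168.1.10 dst=10.0.0.200 sport=40001 dport=23 src=10.0.0.200 dst=10.0.0.10 sport=23 dport=40001 [ASSURED]
tcp 6 431991 ESTABLISHED src=192.168.2.7 dst=10.0.0.200 sport=40002 dport=23 src=10.0.0.200 dst=10.0.0.11 sport=23 dport=40002 [ASSURED]
udp 17 29 src=192.168.1.10 dst=10.0.0.5 sport=53 dport=53 src=10.0.0.5 dst=10.0.0.1 sport=53 dport=53'

snat_rule 10.0.0.10 10.0.0.20 eth1
printf 'pool size: %s, in use: %s\n' "$(pool_size 10.0.0.10 10.0.0.20)" \
    "$(printf '%s\n' "$SAMPLE_CONNTRACK" | count_in_use 10.0.0.10 10.0.0.20)"
```

On a live router, feed `conntrack -L` into `count_in_use` instead of the sample and alert when the count approaches `pool_size`, since once it is exceeded the round-robin wraps and two sessions share one address.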