Re: Managed proxy between private network

Quoting Gabor Szokoli:
> Hi There,
>
> I am new and have some questions:
>
> We have a linux box (complete control) connected to multiple private
> networks with possibly overlapping IP addressing. Its role is to
> dynamically create and tear down individual port forwardings between
> them.
> Our basic idea was to create conntrack entries from the controlling
> application.
> Having imagined conntrack to be like Cisco Express Forwarding, I was
> surprised to find out the conntrack lists do not contain the incoming
> and outgoing interfaces, only IP addresses which are then routed via

Normally you don't care what interface the IP is on. Think loadbalancing,
redundant path setups, etc. That is a feature!

> the normal path. Sadly, IP address based routing makes no sense
> between the independent private networks which are reusing the same
> IP addresses.

Ciscos can do stuff that netfilter cannot and vice versa. Conntrack and
overlapping IP addresses are mutually incompatible. Netfilter assumes a
somewhat sane network.

What you can do is use a linux box per interface and connect all those to
a backbone. You can then map all overlapping subnets to some free subnet
and get it all to work fairly easily. You can possibly even do this in
different UMLs, so you need only one physical box.

HTH,
M4

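The "one box per private network, mapped onto a free backbone subnet" layout suggested in the reply, as an added example that is not from the original mail or from the netfilter project: a POSIX shell script that generates the iptables NETMAP rules for one such box and the per-connection FORWARD rules the controlling application would add and remove. The interface names (eth0/eth1), the 100.64.0.0/10 backbone range and the sample addresses are assumptions made for the example; with the default DRY_RUN=1 it only prints the commands, so it can be run without root.

```shell
#!/bin/sh
# Added example (not from the original mail): one "box per private network".
# Each box keeps its network's real addressing on INSIDE_IF and presents it on
# the shared backbone as a unique free prefix via 1:1 NETMAP, so conntrack on
# the backbone side only ever sees unique addresses. Interface names, the
# 100.64.0.0/10 backbone range and the sample subnets are assumptions.
# DRY_RUN=1 (default) prints the iptables commands instead of running them.

DRY_RUN=${DRY_RUN:-1}
INSIDE_IF=${INSIDE_IF:-eth1}      # faces this box's private network
BACKBONE_IF=${BACKBONE_IF:-eth0}  # faces the shared backbone

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Prefix length of an a.b.c.d/N string (NETMAP needs both sides equal).
prefix_len() { printf '%s\n' "${1##*/}"; }

# Map this box's private subnet onto its backbone subnet in both directions.
netmap_rules() {
    priv=$1; back=$2
    if [ "$(prefix_len "$priv")" != "$(prefix_len "$back")" ]; then
        echo "netmap_rules: $priv and $back must have the same prefix length" >&2
        return 1
    fi
    # Outbound: after routing, rewrite the private source prefix to the backbone prefix.
    run iptables -t nat -A POSTROUTING -o "$BACKBONE_IF" -s "$priv" -j NETMAP --to "$back"
    # Inbound: before routing, rewrite the backbone destination prefix back to private.
    run iptables -t nat -A PREROUTING -i "$BACKBONE_IF" -d "$back" -j NETMAP --to "$priv"
    # Forward nothing by default; only replies of already-opened connections pass.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# One dynamic port forwarding, added on the box that owns the destination network.
# In its FORWARD chain the PREROUTING NETMAP has already run, so the destination
# is its private address while the source is still the peer's backbone address.
forward_rule() {
    op=$1; src_back=$2; dst_priv=$3; proto=$4; port=$5
    run iptables "$op" FORWARD -i "$BACKBONE_IF" -o "$INSIDE_IF" \
        -s "$src_back" -d "$dst_priv" -p "$proto" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
}
open_forward()  { forward_rule -A "$@"; }
close_forward() { forward_rule -D "$@"; }

# Sample session for the box owning network B (10.0.0.0/24, shown on the
# backbone as 100.64.2.0/24). Network A uses the same 10.0.0.0/24 and is
# shown as 100.64.1.0/24 by its own box, so 100.64.1.5 is A's host 10.0.0.5.
netmap_rules 10.0.0.0/24 100.64.2.0/24
open_forward 100.64.1.5 10.0.0.7 tcp 22    # A's 10.0.0.5 -> B's 10.0.0.7:22
close_forward 100.64.1.5 10.0.0.7 tcp 22
```

NETMAP only rewrites the network part, so both prefixes must have the same length, which the script checks before emitting anything. Removing the ACCEPT rule stops new connections but leaves already established flows alive through the ESTABLISHED,RELATED rule; to tear a forwarding down immediately, also delete its entries with conntrack-tools (`conntrack -D` with a source or destination filter). On current kernels the per-network boxes can be network namespaces (`ip netns`) on one machine instead of separate UML instances; the rules are the same.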