Hello,
John Lister wrote:
Hi, I'm trying to set up a rule to SNAT over a range of IP addresses with
something like this:
iptables -t nat -A POSTROUTING -m state --state NEW -j SNAT --to-source 192.168.96.34-192.168.96.136
However, after dumping the packets, it seems that only the first address
is ever used, and the rule is being matched correctly.
In the docs it mentions that it selects an address in the range at
random for a stream. I'm assuming that for netfilter a stream is a single
connection and each subsequent connection should get a new IP address,
or does it group similar connections to/from the same IP addresses and
give them the same IP address, which happens with routing (cache)?
Your documentation may be outdated. Since Linux kernel 2.6.11,
randomness (actually round robin AFAIK) in the SNAT and DNAT address
selection has been replaced with a selection based on a hash of the
source and destination address. So for the same (src, dst), SNAT and DNAT
will always select the same address in the range.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
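To make the behaviour described in the reply concrete, here is an added Python model (not code from the thread, from netfilter, or from the kernel) of hash-based address selection over a `--to-source` range. It parses John's range spec, derives an index from a hash over (source address, destination address), and shows why a test that repeats connections between one client and one server only ever sees one translated address, while flows to many destinations spread across the range. The hash function used here (SHA-256 over the packed addresses) and the helper names are assumptions for illustration; the real kernel uses its own hash and seed, and this block only reproduces the property stated in the reply: same (src, dst), same address.

```python
import hashlib
import ipaddress

# Constructed sample input: the range from John's iptables rule.
SNAT_RANGE = "192.168.96.34-192.168.96.136"


def parse_range(spec):
    """Expand an iptables-style 'a.b.c.d-w.x.y.z' --to-source spec into a list
    of IPv4Address objects. A single address is treated as a one-element range."""
    if "-" in spec:
        lo_s, hi_s = spec.split("-", 1)
    else:
        lo_s = hi_s = spec
    lo = ipaddress.IPv4Address(lo_s)
    hi = ipaddress.IPv4Address(hi_s)
    if hi < lo:
        raise ValueError("range end %s precedes range start %s" % (hi, lo))
    return [ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1)]


def pick_snat_address(src, dst, addresses):
    """Model of hash-based selection (assumption: SHA-256 stands in for the
    kernel's hash). Only (src, dst) feed the hash, so source ports, protocol
    and connection count play no role in which address is chosen."""
    key = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    digest = hashlib.sha256(key).digest()
    idx = int.from_bytes(digest[:4], "big") % len(addresses)
    return addresses[idx]


def simulate(flows, spec=SNAT_RANGE):
    """Map each (src, dst) pair to the address the model would SNAT it to."""
    addresses = parse_range(spec)
    return {(s, d): str(pick_snat_address(s, d, addresses)) for s, d in flows}


def distinct_addresses(flows, spec=SNAT_RANGE):
    """How many different translated addresses a set of flows would use."""
    return len(set(simulate(flows, spec).values()))


if __name__ == "__main__":
    # Constructed test traffic: one client opening 20 connections to one server.
    repeated = [("10.0.0.5", "198.51.100.10")] * 20
    # Constructed test traffic: the same client talking to 50 different servers.
    spread = [("10.0.0.5", "198.51.100.%d" % n) for n in range(1, 51)]

    print("range size:", len(parse_range(SNAT_RANGE)))
    print("addresses used by 20 connections to one server:",
          distinct_addresses(repeated))
    print("addresses used by connections to 50 servers:",
          distinct_addresses(spread))
```

The first count is always 1, which matches what John saw in his packet dump: every connection between the same two hosts hashes to the same slot. Only changing the (src, dst) pair, not opening more connections, moves a flow to a different address in the range.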