On 27.10.2016 18:22, Rui Santos wrote:
> My goal is to force this behavior on all outgoing connections. This
> way I would get a unique egress port mapping to an internal IP:Port in
> a specific point in time:
> - if client1 connects to server1 using source port X, the NAT will be
> mapped: client1IP:SourcePortX -> server1IP:SourcePortX;
> - if client2 then connects to server2 using source port X, the NAT
> will be mapped: client2IP:SourcePortX -> server2IP:SourcePortY.
> SourcePortY will be an available (randomly generated?) ephemeral port.
>
> I am aware that this will imply a concurrent NAT connections limit,
> equal to the ephemeral port range, per egress IP.
>
> Is there any way I can accomplish this kind of behaviour?

The answer is on the man page (man iptables-extensions). Read the text about the SNAT and MASQUERADE targets.

--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
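A small model of the allocation policy the question describes, added here as an illustration (it is not netfilter code and not from this thread): the client's source port is kept when that egress port is free, otherwise a random free ephemeral port is taken, and the per-egress-IP limit the poster anticipates shows up as exhaustion. The IP addresses and the ephemeral range are assumed example values; the real configuration is the SNAT/MASQUERADE target the reply points to.

```python
import random


class EgressNat:
    """Models one egress IP's source-port allocation for outbound connections.

    Policy as described in the question: keep the client's source port when that
    egress port is free, otherwise allocate a random free ephemeral port. Each
    egress port maps to at most one internal IP:port at a time, regardless of
    destination, so the egress port alone identifies the internal endpoint.
    """

    def __init__(self, egress_ip, ephemeral=range(32768, 61000), seed=None):
        self.egress_ip = egress_ip          # constructed example value
        self.ephemeral = ephemeral          # assumed ephemeral port range
        self.rng = random.Random(seed)
        self.table = {}                     # egress port -> (client_ip, client_port)

    def translate(self, client_ip, client_port):
        """Return the egress port used for client_ip:client_port."""
        key = (client_ip, client_port)
        for port, owner in self.table.items():   # reuse an existing mapping
            if owner == key:
                return port
        if client_port not in self.table:        # port preservation
            self.table[client_port] = key
            return client_port
        free = [p for p in self.ephemeral if p not in self.table]
        if not free:
            # The limit the question anticipates: one egress IP cannot carry
            # more concurrent mappings than it has free ephemeral ports.
            raise RuntimeError(f"{self.egress_ip}: ephemeral port range exhausted")
        port = self.rng.choice(free)
        self.table[port] = key
        return port

    def release(self, egress_port):
        """Drop a mapping once its connection is gone (conntrack expiry)."""
        self.table.pop(egress_port, None)


if __name__ == "__main__":
    nat = EgressNat("198.51.100.1", seed=1)      # constructed addresses
    print(nat.translate("10.0.0.1", 5000))       # 5000, preserved
    print(nat.translate("10.0.0.2", 5000))       # a random ephemeral port
```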