Hi,

On Sat, Nov 25, 2017 at 02:41:50AM -0200, Rafael Ganascim wrote:
> Hello guys,
>
> Do you know if it's possible to create in few rules the RFC7422
> deterministic port ranges with netfilter?
>
> I'm using with iptables generating a lot of rules, one for each
> internal ipv4 address/port range/protocol (minimum 3 for each private
> ip address).
>
> I'm looking in DNETMAP implementation, but I don't know if it can be
> configured to be deterministic based on the source-ip/port.

I guess your goal is to map a range of source ports to an IP address,
so from outside you can identify what traffic belongs to what IP
address behind the NATs.

I made a quick hack a long, long time ago for a friend of mine that
needed this, I'm not finding the patchset here, that happened probably
more than 10 years ago. But I remember this just needs a very small
change to the code. Probably adding a new revision to any of the
existing NAT targets should be fine.

So just to clarify, I think this should be easy to support.
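
The per-address rule generation described in the question, together with the reverse lookup that makes such a mapping useful for attribution, as an added example that is not part of the thread and is not the patch mentioned in the reply. The address ranges, the block size and the function names are assumptions chosen for illustration; the allocation is a simple sequential block scheme, and only tcp and udp rules are emitted.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread).
INTERNAL_NET = ipaddress.ip_network("100.64.0.0/29")  # 8 internal addresses
EXTERNAL_IPS = [ipaddress.ip_address(a) for a in ("192.0.2.1", "192.0.2.2")]
PORT_MIN, PORT_MAX = 1024, 65535
PORTS_PER_HOST = 16128                                # block size per internal IP
SLOTS = (PORT_MAX - PORT_MIN + 1) // PORTS_PER_HOST   # internal IPs per external IP

def forward(internal_ip):
    """Internal IP -> (external IP, first port, last port)."""
    idx = int(ipaddress.ip_address(internal_ip)) - int(INTERNAL_NET.network_address)
    if not 0 <= idx < INTERNAL_NET.num_addresses:
        raise ValueError("address outside the internal network")
    ext_idx, slot = divmod(idx, SLOTS)
    if ext_idx >= len(EXTERNAL_IPS):
        raise ValueError("external pool too small for this address")
    lo = PORT_MIN + slot * PORTS_PER_HOST
    return EXTERNAL_IPS[ext_idx], lo, lo + PORTS_PER_HOST - 1

def reverse(external_ip, port):
    """(external IP, source port seen outside) -> internal IP, no logs needed."""
    ext_idx = EXTERNAL_IPS.index(ipaddress.ip_address(external_ip))
    slot = (port - PORT_MIN) // PORTS_PER_HOST
    idx = ext_idx * SLOTS + slot
    if port < PORT_MIN or slot >= SLOTS or idx >= INTERNAL_NET.num_addresses:
        raise ValueError("port is not part of any assigned block")
    return INTERNAL_NET.network_address + idx

def rules():
    """One SNAT rule per internal IP and protocol (tcp and udp only here)."""
    out = []
    for ip in INTERNAL_NET:
        ext, lo, hi = forward(ip)
        for proto in ("tcp", "udp"):
            out.append(f"iptables -t nat -A POSTROUTING -s {ip} -p {proto} "
                       f"-j SNAT --to-source {ext}:{lo}-{hi}")
    return out

if __name__ == "__main__":
    print("\n".join(rules()))
    print(reverse("192.0.2.2", 20000))
```

Because the mapping is pure arithmetic, an abuse report that names an external address and source port can be resolved to the internal host without per-connection NAT logs, as long as the parameters in effect at that time are recorded.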