Hi Vinicius,

I will do that. Thank you!

On Thu, Oct 27, 2016 at 1:18 PM, Vinicius Tinti <viniciustinti@xxxxxxxxx> wrote:
> On Thu, Oct 27, 2016 at 10:02 AM, Rui Santos <rsantos@xxxxxxxxxxxxx> wrote:
>>
>> Hi all,
>>
>> I'm currently using NAT to provide Basic address translation from
>> private to public IPs.
>>
>> However, the Linux kernel uses both destination IP and Port as part of
>> its NAT mapping process. This way (client1 and client2 are on the
>> same internal network):
>> - if client1 connects to server1 using source port X, the NAT will be
>> mapped: client1IP:SourcePortX -> server1IP:SourcePortX;
>> - if client2 then connects to server2 using source port X, the NAT
>> will be mapped: client2IP:SourcePortX -> server2IP:SourcePortX.
>> Basically, SourcePortX is used on both mappings for client1 and client2.
>>
>> But, if client2 tries to connect to server1 instead, using the same
>> source port X, the NAT will be mapped: client2IP:SourcePortX ->
>> server2IP:SourcePortY
>> SourcePortY will be an available (randomly generated?) ephemeral port.
>>
>> My goal is to force this behavior on all outgoing connections. This
>> way I would get a unique egress port mapping to an internal IP:Port in
>> a specific point in time:
>> - if client1 connects to server1 using source port X, the NAT will be
>> mapped: client1IP:SourcePortX -> server1IP:SourcePortX;
>> - if client2 then connects to server2 using source port X, the NAT
>> will be mapped: client2IP:SourcePortX -> server2IP:SourcePortY.
>> SourcePortY will be an available (randomly generated?) ephemeral port.
>>
>> I am aware that this will imply a concurrent NAT connections limit,
>> equal to the ephemeral port range, per egress IP.
>>
>> Is there any way I can accomplish this kind of behaviour?
>
>
> I believe that you should be asking that on #netfilter maillist.
>
> AFAIK I think it is feasible to do (perhaps even without programming using
> netfilter).
>
>>
>>
>> Thanks for all your help,
>> --
>> Rui Santos
>> Veni, Vidi, Linux
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies@xxxxxxxxxxxxxxxxx
>> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
> --
> Simplicity is the ultimate sophistication

--
Rui Santos
Veni, Vidi, Linux
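The two mapping policies discussed in this thread, as a small added model (not code from either poster and not kernel code): one keeps a source port unless the same port is already in use towards the same destination, the other keeps every egress port unique across all destinations. The class name, addresses and default port range are constructed assumptions.

```python
import random

class NatModel:
    """Toy source-NAT table for one egress IP (constructed model, not kernel code)."""

    def __init__(self, per_destination, port_range=(32768, 60999), seed=0):
        self.per_destination = per_destination  # True: behaviour described in the thread
        self.ports = range(port_range[0], port_range[1] + 1)
        self.used = set()   # keys that must stay unique on the egress side
        self.table = {}     # (client_ip, client_port, dst) -> egress port
        self.rng = random.Random(seed)

    def _key(self, port, dst):
        # Per-destination mode: a port collides only for the same destination.
        # Unique mode (the goal in the thread): a port collides for any destination.
        return (port, dst) if self.per_destination else port

    def connect(self, client_ip, client_port, dst):
        flow = (client_ip, client_port, dst)
        if flow in self.table:
            return self.table[flow]
        port = client_port  # first try to keep the client's own source port
        if self._key(port, dst) in self.used:
            free = [p for p in self.ports if self._key(p, dst) not in self.used]
            if not free:
                raise RuntimeError("egress port range exhausted")
            port = self.rng.choice(free)
        self.used.add(self._key(port, dst))
        self.table[flow] = port
        return port

    def owners(self, egress_port):
        """Internal endpoints currently mapped to one egress port."""
        return sorted({(f[0], f[1]) for f, p in self.table.items() if p == egress_port})

def scenario(per_destination):
    """client1 and client2 both use source port 40000 (constructed addresses)."""
    nat = NatModel(per_destination)
    server1, server2 = ("198.51.100.1", 80), ("198.51.100.2", 80)
    a = nat.connect("10.0.0.1", 40000, server1)
    b = nat.connect("10.0.0.2", 40000, server2)
    c = nat.connect("10.0.0.2", 40000, server1)
    return a, b, c, nat.owners(40000)

if __name__ == "__main__":
    print("per-destination:", scenario(True))
    print("unique egress  :", scenario(False))
```

In per-destination mode egress port 40000 belongs to two internal endpoints at once, so a log entry holding only the egress IP and port cannot be attributed to one client; in unique mode it has a single owner, at the cost of the connection limit mentioned in the original question.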