snat to multiple source ip
Marco Berizzi
pupilla at hotmail.com
Mon Sep 26 17:38:48 CEST 2005
Hello everybody.
I would like to better understand the SNAT target when
multiple --to-source are specified.
The man page states:
"You can add several --to-source option. If you specify
more than one source address, either via an address range
or multiple --to-source options, a simple round-robin (one
after another in cycle) takes place between these addresses."
iptables -t nat -I POSTROUTING -s ipX --protocol tcp
-j SNAT --to first_ip --to second_ip
This round-robin cycle is per socket. Correct?
But, after a little test, I have concluded that SNAT
chooses the second IP when the system opens a second
socket to the same host.
SNAT test results:
1st socket opened to a.a.a.a -->> SNAT with first_ip
2nd socket opened to b.b.b.b -->> SNAT with first_ip
3rd socket opened to c.c.c.c -->> SNAT with first_ip
4th socket opened to b.b.b.b -->> SNAT with second_ip
5th socket opened to d.d.d.d -->> SNAT with first_ip
6th socket opened to a.a.a.a -->> SNAT with second_ip
I think it should work in this manner:
1st socket opened to a.a.a.a -->> SNAT with first_ip
2nd socket opened to b.b.b.b -->> SNAT with second_ip
3rd socket opened to c.c.c.c -->> SNAT with first_ip
4th socket opened to b.b.b.b -->> SNAT with second_ip
5th socket opened to d.d.d.d -->> SNAT with first_ip
6th socket opened to a.a.a.a -->> SNAT with second_ip
Can anyone confirm this? Wrong or correct?
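Added example (not part of the original post): a small Python script that reads conntrack entries in the `/proc/net/ip_conntrack` / `conntrack -L` line format and reports which --to-source address each connection was actually rewritten to, so that the per-socket selection described above can be checked against real state instead of inferred from the far end. The sample lines, the inside host 192.168.1.10, and the two SNAT addresses 203.0.113.1 and 203.0.113.2 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in /proc/net/ip_conntrack / `conntrack -L` style (not a real
# capture): inside host 192.168.1.10 behind a SNAT rule carrying two --to-source
# addresses, 203.0.113.1 and 203.0.113.2. The last line is a LAN flow with no NAT.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.1 sport=40001 dport=80 src=198.51.100.1 dst=203.0.113.1 sport=80 dport=40001 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.2 sport=40002 dport=80 src=198.51.100.2 dst=203.0.113.1 sport=80 dport=40002 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.2 sport=40003 dport=443 src=198.51.100.2 dst=203.0.113.2 sport=443 dport=40003 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.168.1.20 sport=40004 dport=22 src=192.168.1.20 dst=192.168.1.10 sport=22 dport=40004 [ASSURED] use=1
"""

# One conntrack line carries two tuples: original direction, then reply direction.
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def snat_mapping(text):
    """Return (orig_src, orig_dst, snat_src) for every connection that was SNATed.

    After SNAT the reply tuple's dst is the address the box rewrote the source
    to; if it equals the original src, no source NAT was applied to that flow.
    """
    out = []
    for line in text.splitlines():
        tuples = TUPLE_RE.findall(line)
        if len(tuples) != 2:
            continue  # unexpected or truncated entry, skip it
        (osrc, odst, _, _), (_, rdst, _, _) = tuples
        if rdst != osrc:
            out.append((osrc, odst, rdst))
    return out


def per_source_counts(text):
    """Count how many SNATed connections landed on each --to-source address."""
    return Counter(snat for _, _, snat in snat_mapping(text))


if __name__ == "__main__":
    for osrc, odst, snat in snat_mapping(SAMPLE_CONNTRACK):
        print(f"{osrc} -> {odst}: SNAT with {snat}")
    print(dict(per_source_counts(SAMPLE_CONNTRACK)))
```

On a live box, feed it `cat /proc/net/ip_conntrack` or `conntrack -L` output instead of the constructed sample.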