Per-client NAT routing -- possible?
Patrick McHardy
kaber at trash.net
Fri Mar 24 13:58:56 CET 2006
Amin Azez wrote:
> Patrick McHardy wrote:
>
>> Amin Azez wrote:
>>
>>>> Could someone please point me in the right direction? Or is this not
>>>> possible?
>>>
>>> I think you can use ipt_route to select the output gateway or interface,
>>> NAT should then work after that.
>>
>> That sounds rather hackish. The normal way to do something like that
>> is to use normal multipath routes and, if NAT to different IPs needs
>> to be used, CONNMARK to bind connections to one of the paths.
>
> Respecting your experience and acknowledging my ignorance, but THAT
> seems like the hacky way to me. I realise most of the world thinks I'm
> wrong, I merely offer this insight into the strangeness of the "other"
> person's mind.
>
> I guess I do it this way because I do a lot of bridging.

I guess it's a matter of taste which way you prefer, but one argument
against the route target is that it replicates lots of code from
the IP layer, which is never a good idea and most likely already
out of date. From a short look, it seems like it doesn't work with
IPsec for example.
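
The multipath-plus-CONNMARK setup mentioned in the thread, sketched as an added example that is not code from any poster or from the netfilter project. It only prints the `ip` and `iptables` commands so they can be reviewed before being applied as root; the interface names, the RFC 5737 documentation addresses, the mark values and the table numbers are constructed placeholders.

```shell
#!/bin/sh
# Added example: bind each connection to the uplink that multipath routing
# chose for its first packet, so the matching SNAT address stays consistent.
# All names, addresses, marks and table numbers are assumptions.

# emit_rules LAN_IF  IF GW SNAT_IP  [IF GW SNAT_IP ...]
emit_rules() {
    lan=$1; shift
    n=0; nexthops=""
    while [ "$#" -ge 3 ]; do
        ifc=$1 gw=$2 ip=$3; shift 3
        n=$((n + 1)); table=$((100 + n))
        # Per-uplink routing table, selected by the packet mark.
        echo "ip route add default via $gw dev $ifc table $table"
        echo "ip rule add fwmark $n table $table"
        # First packet of a connection: record which uplink routing picked.
        echo "iptables -t mangle -A POSTROUTING -o $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $n"
        # Each uplink translates to its own source address.
        echo "iptables -t nat -A POSTROUTING -o $ifc -j SNAT --to-source $ip"
        nexthops="$nexthops nexthop via $gw dev $ifc weight 1"
    done
    # Later packets from the LAN: copy the connection mark onto the packet so
    # the fwmark rule keeps the flow on its original path. Limited to the LAN
    # side so replies arriving on an uplink are still routed by the main table.
    echo "iptables -t mangle -A PREROUTING -i $lan -j CONNMARK --restore-mark"
    # Unmarked (new) connections are spread over the uplinks by the main table.
    echo "ip route replace default$nexthops"
}

# Constructed two-uplink example; prints the commands, changes nothing.
emit_rules lan0 wan0 192.0.2.1 192.0.2.10 wan1 198.51.100.1 198.51.100.10
```

Without the `-i` restriction on the restore rule, reply packets coming back from an uplink would also carry the mark and be looked up in a table that holds only a default route.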