Need an iptables module for hiding NAT.
Rémi Denis-Courmont
rdenis at simphalempin.com
Mon Feb 5 22:16:06 CET 2007
Le lundi 5 février 2007 17:59, Artūras Šlajus a écrit :
> I need iptables module which would hide NAT. It means that all
> traffic being routed through the machine which is running netfilter
> and doing routing should be seen as originating from that host.
(...)
I think QEMU already does that when using the "userland" driver on the
host side for the guest NIC. As far as I understand, this is done using
an antique piece of BSD code known as slirp. It should not be very
complicated to reuse modify slirp to use a network card (the
internal-side NIC of the stealth NAT box) instead of a PPP interface
(as slirp originally did) or a virtual NE2000 (as QEMU does). A small
extra tweak will probably be needed to steal packets from Linux IP
stack.
Of course, it's not exactly hiding the NAT, since there is no more real
NAT.
> I hope somebody can help me, any shared thoughts about difficulty of
> doing such task and time involved would be appreciated (i'm a
> programmer myself, just not C and kernel ;-))
--
Rémi Denis-Courmont
http://www.remlab.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20070205/3237e7e5/attachment.pgp
More information about the netfilter-devel
mailing list