ipnatctl
Rusty Russell
rusty@linuxcare.com.au
Sat, 24 Jun 2000 01:39:40 +1000
In message <39537EE3.D82D3FA9@baldauf.org> you write:
> Rusty Russell wrote:
>
> > In message <394FDFEB.E1A6AB7F@baldauf.org> you write:
> > > Hello,
> > >
> > > does anybody know where I can find ipnatctl (in order to list and
> > > manipulate masquerading related data)?
> >
> > It's been obsoleted by the `nat' table, controlled by iptables.
> >
> > cat /proc/net/ip_conntrack: the ones for which the reply != the
> > inverse of the outgoing have been NAT'ed.
>
> Thank you. Is there any way to change the entries from userspace?

No, but I see what you're getting at (dial-on-demand IP address
changes). It's fairly easy to write a module which adds a sockopt to
do this (you really want to `forget' all those previous connections,
see ipt_MASQUERADE.c).

The other option is to use MASQUERADE, but change line 130 of
ipt_MASQUERADE.c from:

    if (event == NETDEV_DOWN) {

to

    if (event == NETDEV_DOWN || event == NETDEV_CHANGEADDR) {

which makes sense...

Rusty.
--
Hacking time.
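
The /proc/net/ip_conntrack check described in the quoted reply above (an entry has been NAT'ed when its reply tuple is not the inverse of its outgoing tuple), as an added example that is not part of the original message. It assumes the 2.4-era line layout with the outgoing tuple first and the reply tuple second; the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample lines in the assumed /proc/net/ip_conntrack layout.
# Addresses are private/documentation ranges, not taken from the message.
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.2 dst=198.51.100.9 sport=1025 dport=80 src=198.51.100.9 dst=203.0.113.7 sport=80 dport=1025 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=198.51.100.9 sport=2200 dport=22 src=198.51.100.9 dst=203.0.113.7 sport=22 dport=2200 [ASSURED] use=1
udp      17 25 src=192.168.1.3 dst=198.51.100.53 sport=4000 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.7 sport=53 dport=4000 use=1
icmp     1 29 src=192.168.1.2 dst=198.51.100.9 type=8 code=0 id=77 src=198.51.100.9 dst=192.168.1.2 type=0 code=0 id=77 use=1
"""

PAIR = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_tuples(line):
    """Return (proto, outgoing, reply); each tuple is a dict of its fields."""
    proto = line.split()[0]
    outgoing, reply = {}, {}
    for key, value in PAIR.findall(line):
        # First occurrence of a key is the outgoing direction,
        # the second occurrence is the expected reply direction.
        target = outgoing if key not in outgoing else reply
        target[key] = value
    return proto, outgoing, reply

def is_natted(outgoing, reply):
    """True when the reply tuple is not the exact inverse of the outgoing one."""
    inverse = {"src": outgoing.get("dst"), "dst": outgoing.get("src"),
               "sport": outgoing.get("dport"), "dport": outgoing.get("sport")}
    return any(reply.get(k) != v for k, v in inverse.items())

def natted_entries(text):
    """Return (proto, outgoing, reply) for every NAT'ed entry in the text."""
    found = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, outgoing, reply = parse_tuples(line)
        if reply and is_natted(outgoing, reply):
            found.append((proto, outgoing, reply))
    return found

if __name__ == "__main__":
    # On a host that has the file, pass its contents instead of SAMPLE.
    for proto, o, r in natted_entries(SAMPLE):
        print(f"{proto}: {o['src']}:{o.get('sport')} is seen by the peer as {r['dst']}")
```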