Crazy portmap request
Jan Engelhardt
jengelh at linux01.gwdg.de
Sun Jul 3 16:02:34 CEST 2005
>Hello,
>
>I have a new challenge of trying to map some IPs to a single IP but
>with a static port. Here is a sample.
You can't do that (at least at the same time). This is because:
What if the client-in-the-office makes two requests at the same time to the
same service? (Classic example: SMB file sharing) Then you would have two
distinct packets having the same single-IP-with-static-port on the source
side, and IP-PORT on the destination side, e.g.
client:1024 -> fileserver:137
client:1025 -> fileserver:137
gets mapped to
router:1999 -> fileserver:137
router:1999 -> fileserver:137
and as you know, the uniqueness of a TCP connection is defined by the
uniqueness of the tuple (srcip,srcport,dstip,dstport)
>Each workstation has a TCP processing running on a fixed port. For all
>intents and purposes let's say it's SMTP. What I need to do, using the
>single static IP address is map out a single port for each server behind
>it.
>
>So, given 10.99.0.x we want something like this
>
>10.99.0.1:25 = 199.199.80.41:30001
>10.99.0.2:25 = 199.199.80.41:30002
>...
>10.99.0.250:25 = 199.199.80.41:30250
>
>Is there a simple way to do this? Currently we have a pre/post routing
>line per entry. Is there a better way?
Maybe I did not quite understand, but my first guess is -see above-.
For everything else, if it's only one connection at the same time,
iptables -t nat -A POSTROUTING -s 10.99.0.1 -p tcp --sport 25 -j SNAT --to-source 199.199.80.41:30001
Jan Engelhardt
--
| Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen,
| Am Fassberg, 37077 Goettingen, www.gwdg.de
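Added example, not part of the thread: a small POSIX sh function that generates the per-host PREROUTING/POSTROUTING pair the original poster is maintaining by hand, using the addresses and port numbering quoted above. The function name gen_nat_rules and its argument layout are my own; it only prints the iptables commands, so it can be reviewed before being piped into sh on the router.

```shell
#!/bin/sh
# Added example (not from the list post): generate one DNAT rule in
# PREROUTING for inbound connections to 199.199.80.41:300NN and one SNAT
# rule in POSTROUTING for traffic leaving 10.99.0.NN:25, for every host NN
# in a range. The function itself is an illustration, not netfilter code.

# gen_nat_rules PREFIX EXT_IP PORT_BASE FIRST LAST
# Prints one iptables command per line; it never executes anything.
gen_nat_rules() {
    prefix=$1 ext_ip=$2 port_base=$3 first=$4 last=$5
    i=$first
    while [ "$i" -le "$last" ]; do
        port=$((port_base + i))
        # Inbound: EXT_IP:PORT -> PREFIX.NN:25 (hypothetical rule, same
        # shape as the pre-routing lines the poster mentions)
        printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s.%s:25\n' \
            "$ext_ip" "$port" "$prefix" "$i"
        # Outbound: PREFIX.NN:25 -> EXT_IP:PORT. As the reply explains, a
        # fixed source port only works for one connection at a time.
        printf 'iptables -t nat -A POSTROUTING -s %s.%s -p tcp --sport 25 -j SNAT --to-source %s:%s\n' \
            "$prefix" "$i" "$ext_ip" "$port"
        i=$((i + 1))
    done
}

# Usage: sh thisfile.sh 10.99.0 199.199.80.41 30000 1 250 | sh
if [ "$#" -eq 5 ]; then
    gen_nat_rules "$@"
fi
```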