Re: SNATed connections show as original ip in /proc/net/tcp

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Alexander Clouter

Subject: Re: SNATed connections show as original ip in /proc/net/tcp

Date: Sunday, July 11, 2010 - 7:30 am

Noah McNallie <n0ah@n0ah.org> wrote:
quoted text> 
> just as the topic describes.
>
Probably better to post this to netdev?

quoted text> I'm currently doing SNAT to force some destination tcp ports to be routed  
> through a specific route rather than the default route. To accomplish this  
> I mark thoes packets with iptables, use 'ip' to specify marked packets via  
> the specified route, and then use iptables to change their source address.
> 
SNAT'ing locally sourced traffic?  That's pretty nasty.

Look into using 'ip rule' and a second routing table.

http://lartc.org/howto/lartc.rpdb.html

You will still need use iptables/MARK to do L4 (tcp/udp/etc) policy 
routing though, however now you can dump the ugly SNATing.

Cheers

-- 
Alexander Clouter
.sigmonster says: Where do your SOCKS go when you lose them in th' WASHER?

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

SNATed connections show as original ip in /proc/net/tcp, Noah McNallie, (Sun Jul 11, 2:10 am)

Re: SNATed connections show as original ip in /proc/net/tcp, Alexander Clouter, (Sun Jul 11, 7:30 am)

Re: SNATed connections show as original ip in /proc/net/tcp, Noah McNallie, (Sun Jul 11, 8:11 am)

Re: SNATed connections show as original ip in /proc/net/tcp, Alexander Clouter, (Sun Jul 11, 10:08 am)


linux-kernel:
Paul Turner	[tg_shares_up rewrite v2 11/11] sched: update tg->shares after cpu.shares write
Ingo Molnar	Re: [RFC] Cpu-hotplug: Using the Process Freezer (try2)
Michal Nazarewicz	Re: [PATCH] USB: Gadget: g_multi: added INF file for gadget with multiple configur...
Eric W. Biederman	Re: init's children list is long and slows reaping children.
Jeffrey V. Merkey	Re: Versioning file system
git:
Matthieu Moy	Re: Bugs in Gitosis
Daniel Barkalow	Re: About git and the use of SHA-1
David Lang	Re: mingw, windows, crlf/lf, and git
Shawn O. Pearce	Re: Bugs in Gitosis
Junio C Hamano	Re: [PATCH 14/21] Convert ce_path_match() to use struct pathspec
linux-netdev:
David Miller	Re: [2.6.30-rc3] powerpc: compilation error of mace module
David Miller	Re: [PATCH] ipv6: fix display of local and remote sit endpoints
Cong Wang	Re: [PATCH] s2io: add dynamic LRO disable support
Tobacco New Year Promo
Eric Dumazet	Re: [PATCH] net: implement emergency route cache rebulds when gc_elasticity is exc...
git-commits-head:
Linux Kernel Mailing List	V4L/DVB: tm6000: add special usb request to quit i2c tuner transfer
Linux Kernel Mailing List	of/flattree: merge early_init_dt_scan_memory() common code
Linux Kernel Mailing List	b43: N-PHY: add some registers and structs definitions
Linux Kernel Mailing List	powerpc: Move /proc/ppc64 to /proc/powerpc and add symlink
Linux Kernel Mailing List	drivers/acpi: use kasprintf
openbsd-misc:
Ted Bullock	Re: Proliant DL380 G3 cannot get on network
Eric Furman	Re: Defending OpenBSD Performance
Damien Miller	Re: Patching a SSH 'Weakness'
Tony Abernethy	Re: The Atheros story in much fewer words
Nick Holland	Re: 1 out of 3 hunks failed--saving rejects to kerberosV/src/lib/krb5/crypto.c.rej