IP Masquerading source files.


Post by Vincen » Thu, 29 Aug 2002 00:24:46



Hello!

I would like to know how and where IP packet analysis for
Masquerading is implemented.
Which source files should I look at for that?

Regards

Vincent

 
 
 


Post by Jeroen Geilma » Thu, 29 Aug 2002 08:00:13



> Hello!

> I would like to know how and where IP packet analysis for
> Masquerading is implemented.
> Which source files should I look at for that?

Yeah, hi, and thanks for giving all the relevant information, such as:

- Linux distribution & version
- kernel version
- ipchains or iptables

Oh, and IP packet *analysing* has nothing to do with *masquerading*,
either - even though they're part of the same code.

 
 
 

1. Route IP masqueraded packets according to their source IP?

Hi all,

I am new to Linux IP Masquerading, and want to know if it
can do the following...

Suppose that I have two ADSL connections, connected to two
different ISPs.  Both ISPs would only accept packets with
source IP address associated with their respective ADSL,
and other packets would be dropped.  I would not use the
two ADSL to host any kind of servers, and I only use them
for outbound connections.

What I want to do is to fully utilize the two ADSLs.  I
plan to alternate my default route between the two ADSL
every 10 seconds, and masquerade the connection request
packets as the current outbound IP.  Maybe I should use
an example:

My Linux box

172.16.1.2              -----------------   ISP1
             -----------+
10.1.1.2                -----------------   ISP2

So ISP1 would only accept packets from 172.16.1.2, and ISP2
would only accept packets from 10.1.1.2.  My Linux box has
a NIC with two IPs: 172.16.1.2 and 10.1.1.2.  When there's
an outbound connection request from my intranet, it will be
masqueraded according to the current default route.  If default
route points to ISP1, it will be masqueraded as 172.16.1.2,
otherwise, it will be masqueraded as 10.1.1.2.

So far, IPTables seems to be able to do that.  But to cope
with the filtering, I hope to route the subsequent packets
according to the connect request's masqueraded IP.  So if
the connect request is masqueraded as 172.16.1.2, all the
subsequent packets of that session would be masqueraded as
172.16.1.2, too, and be routed to ISP1.  At the same
time, the default route of my Linux box would alternate
between the two ADSL every 10 seconds.

As I read the NAT Howto, the SNAT is performed in the
POSTROUTING stage, so the packets might be masqueraded
correctly, but going out to the wrong ISP.  Is there any
way to do source-based routing after SNAT?

Thanks in advance.

Chih-Cherng Chin
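
The mismatch described in the post above, as an added example that is not part of the original post and is not kernel or iptables code: a small model in which the route is chosen before SNAT, the default route flips every 10 seconds, and each ISP drops foreign source addresses. The flow identifier, the destination address and the `pin_route` switch (a hypothetical stand-in for routing established connections by their connection-tracking entry) are assumptions.

```python
# Constructed model of the two-uplink setup in the post; all names are illustrative.
ISP_FOR_SRC = {"172.16.1.2": "ISP1", "10.1.1.2": "ISP2"}   # each ISP's source filter
SRC_FOR_ISP = {isp: src for src, isp in ISP_FOR_SRC.items()}
SAMPLE_TIMES = (0, 5, 12, 18, 25)                          # seconds, constructed

def default_route(t):
    """The default route alternates between the two uplinks every 10 seconds."""
    return "ISP1" if (int(t) // 10) % 2 == 0 else "ISP2"

class Gateway:
    def __init__(self, pin_route):
        self.pin_route = pin_route   # True: route known flows by their conntrack entry
        self.conntrack = {}          # flow id -> (masqueraded source, first uplink)

    def forward(self, flow, t):
        """Return (uplink, source address, accepted by that ISP's filter)."""
        entry = self.conntrack.get(flow)
        # The routing decision comes first; SNAT is applied afterwards (POSTROUTING).
        if entry and self.pin_route:
            uplink = entry[1]        # hypothetical per-connection route pinning
        else:
            uplink = default_route(t)
        if entry is None:
            # First packet: the masqueraded source follows the uplink just chosen.
            entry = (SRC_FOR_ISP[uplink], uplink)
            self.conntrack[flow] = entry
        src = entry[0]               # later packets reuse the same NAT binding
        return uplink, src, ISP_FOR_SRC[src] == uplink

def run(pin_route, times=SAMPLE_TIMES):
    """Send one packet of the same flow at each sample time."""
    gw = Gateway(pin_route)
    flow = "intranet-host:40000->203.0.113.7:80"   # constructed flow id
    return [gw.forward(flow, t) for t in times]

if __name__ == "__main__":
    for pin in (False, True):
        print("route pinned per connection" if pin else "route follows default only")
        for t, (uplink, src, ok) in zip(SAMPLE_TIMES, run(pin)):
            verdict = "accepted" if ok else "DROPPED"
            print(f"  t={t:>2}s via {uplink} src={src} {verdict}")
```
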
