On Sun, Jul 23, 2006 at 05:53:13PM +0200, Jan Engelhardt wrote:
Of course, it's not giving the real IP address, but at least some address that remains the same over time.
Sorry, what do you mean by this?
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.1     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.1     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1

iptables -t nat -A POSTROUTING -i eth2 -o eth1 \
    -j NETMAP --to-dest 192.168.1.0/24
iptables -t nat -A POSTROUTING -s 192.168.1.2 -o eth1 -m owner \
    --uid-owner squid -j SNAT --to-source 192.168.1.2-192.168.1.254
The latter... it does not SNAT to the "real" address (i.e. 192.168.2.123 might get 192.168.1.240 instead of 192.168.1.123), but it suffices.
Ah, hm, right. Note that the code I posted inserts an SNAT rule every single time a connection is made, so it does let you keep your original source address. (But it needs some app hacking.)

cheers,
Lennert