[PATCH] SNAT anyip connections

Peter Warasin peter at endian.com
Tue Jun 23 16:11:23 UTC 2009


Hi List

Attached is a patch which adds the option --uamnatanyip.

If this option is enabled and anyip is also enabled, every anyip
connection will be NATed to an IP address from the dynamic pool.
For each new connection an IP address will be requested from the dynamic
pool, which will then be used to SNAT packets of that connection.
This way host routes are not necessary anymore.

This is useful if you have coova-chilli on the same host with a proxy or
a firewall. When you have anyip enabled, that firewall/proxy will see
connections coming from some external IP addresses, which will bypass
your firewall configuration or force you to disable filters.

Enabling uamnatanyip NATs connections to your dynamic pool subnet, which
allows you to work only with that subnet on the firewall/proxy.

This patch is tested for 1.0.12, where it works flawlessly. The attached
patch is ported to current svn, where I have some problems (hisip is
always 255.255.255.254), but I have the same problems without this
patch, so I assume the patch should be ok.

If you would like the 1.0.12 patch as well, simply ask.

peter

-- 
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.com   :: peter at endian.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: coova-chilli-r203-uamnatanyip.patch
Type: text/x-patch
Size: 11544 bytes
Desc: not available
URL: <http://lists.coova.org/pipermail/chilli/attachments/20090623/a7f5c1bb/attachment.bin>
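
The following is an added illustration, not code from the attached patch or from coova-chilli: a small C model of the idea described in the message, showing why a co-located firewall/proxy only needs a rule for the pool subnet once anyip sources are SNATed. Assumptions: the pool 10.1.0.0/24, the client addresses, all function names, keying a connection by client source address, and returning 0 (drop) on pool exhaustion are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed values: 10.1.0.0/24 stands in for the dynamic pool. */
#define POOL_NET  0x0A010000u
#define POOL_MASK 0xFFFFFF00u
#define POOL_SIZE 4                 /* tiny on purpose, to show exhaustion */

struct nat_entry { uint32_t client_ip, pool_ip; int used; };
static struct nat_entry nat_table[POOL_SIZE];
/* The only rule the co-located firewall/proxy needs: is src in the pool? */
int fw_src_in_pool(uint32_t src) { return (src & POOL_MASK) == POOL_NET; }

/* SNAT source for an anyip client; allocates on first sight.
   Returns 0 when the pool is exhausted (assumed policy: drop). */
uint32_t snat_source(uint32_t client_ip) {
    int free_slot = -1;
    for (int i = 0; i < POOL_SIZE; i++) {
        if (nat_table[i].used && nat_table[i].client_ip == client_ip)
            return nat_table[i].pool_ip;
        if (!nat_table[i].used && free_slot < 0) free_slot = i;
    }
    if (free_slot < 0) return 0;
    nat_table[free_slot].client_ip = client_ip;
    nat_table[free_slot].pool_ip = POOL_NET + 2u + (uint32_t)free_slot;
    nat_table[free_slot].used = 1;
    return nat_table[free_slot].pool_ip;
}

/* Reverse mapping for reply packets; 0 if pool_ip is not in use. */
uint32_t snat_original(uint32_t pool_ip) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (nat_table[i].used && nat_table[i].pool_ip == pool_ip)
            return nat_table[i].client_ip;
    return 0;
}

/* Return the address to the pool when the connection ends. */
void snat_release(uint32_t client_ip) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (nat_table[i].used && nat_table[i].client_ip == client_ip)
            nat_table[i].used = 0;
}

int main(void) {
    uint32_t client = 0xC0A8582Au;  /* 192.168.88.42, constructed anyip client */
    printf("raw in pool: %d, NATed in pool: %d\n",
           fw_src_in_pool(client), fw_src_in_pool(snat_source(client)));
    return 0;
}
```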

