[PATCH] SNAT anyip connections
wlanmac
wlan at mac.com
Wed Jun 24 09:12:41 UTC 2009
Hi Peter,
Seems to work great. I'll keep testing a bit with it. I have it now in
my current development branch, which I will release in the next couple
weeks. It has major changes, including direct 802.1Q support so a single
chilli can control your entire VLAN trunk. The configuration system
changed drastically in that the cmdline.o (generated by gengetopt) will
only be linked into a new utility "chilli_opt". This new util is
responsible for parsing, resolving, and building the runnable
configuration. It's launched by chilli on startup, but can also be ran
offline to update the configuration of a running chilli. Since chilli
forks the utility, it'll never stop and wait for DNS resolution. The
"tap" interface have also been rewritten a bit such that a chilli tap
interface can be added to a bridge... to run chilli on a more pure
layer2 network.
David
On Tue, 2009-06-23 at 18:11 +0200, Peter Warasin wrote:
> Hi List
>
> Attached is a patch which adds the option --uamnatanyip.
>
> If this option is enabled and anyip is also enabled, every anyip
> connection will be NATed to an ip address from the dynamic pool.
> For each new connection an ip address will be requested from the dynamic
> pool which then will be used to SNAT packets of that connection.
> This way host routes are not necessary anymore.
>
> This is useful if you have coova-chilli on the same host with a proxy or
> a firewall. When you have anyip enabled, that firewall/proxy will see
> connections coming from some external ip addresses, which will bypass
> your firewall configuration or forces you to disable filters.
>
> Enabling uamnatanyip NATs connections to your dynamic pool subnet, which
> allows you to work only with that subnet on the firewall/proxy.
>
> This patch is tested for 1.0.12, where it works flawlessly. The attached
> patch is ported to current svn, where I have some problems (hisip is
> always 255.255.255.254), but I have the same problems without this
> patch, so i assume the patch should be ok.
>
> If you like the 1.0.12 patch also, simply ask.
>
> peter
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
More information about the Chilli
mailing list