[PATCH] SNAT anyip connections
wlanmac
wlan at mac.com
Tue Jun 23 18:16:12 UTC 2009
Great feature, I can't wait to try it out!
On Tue, 2009-06-23 at 18:11 +0200, Peter Warasin wrote:
> Hi List
>
> Attached is a patch which adds the option --uamnatanyip.
>
> If this option is enabled and anyip is also enabled, every anyip
> connection will be NATed to an ip address from the dynamic pool.
> For each new connection an ip address will be requested from the dynamic
> pool which then will be used to SNAT packets of that connection.
> This way host routes are not necessary anymore.
>
> This is useful if you have coova-chilli on the same host with a proxy or
> a firewall. When you have anyip enabled, that firewall/proxy will see
> connections coming from some external ip addresses, which will bypass
> your firewall configuration or forces you to disable filters.
>
> Enabling uamnatanyip NATs connections to your dynamic pool subnet, which
> allows you to work only with that subnet on the firewall/proxy.
>
> This patch is tested for 1.0.12, where it works flawlessly. The attached
> patch is ported to current svn, where I have some problems (hisip is
> always 255.255.255.254), but I have the same problems without this
> patch, so i assume the patch should be ok.
>
> If you like the 1.0.12 patch also, simply ask.
>
> peter
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at coova.org
> For additional commands, e-mail: chilli-help at coova.org
> Wiki: http://coova.org/wiki/index.php/CoovaChilli
> Forum: http://coova.org/phpBB3/viewforum.php?f=4
More information about the Chilli
mailing list