Build a network topology integration test where peers are behind NATs, and one of the NATs uses destination-dependent mapping.
Some ideas on how to get this done:
iptables
In a netns that does the NAT, create a fixed set of IP rewriting rules for each IP in the test configuration. The rule matches on the destination IP address and assigns a fixed source port (in addition to the source IP shared by all rules).
I'm not sure if Linux will automatically add the right conntrack entries to translate the return packets. If not, we might need to configure the peers to use a fixed source port for the UDP connections, so that we can add a fixed set of rules to translate (de-NAT) the reverse packets.
NAT in userspace
Create a simple NAT in userspace with two TUN devices, and push the device ends of the TUNs into the peer and main router netns. The userspace program reads IP packets and rewrites the source IP and port, with a destination-dependent mapping.
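A minimal model of the rewrite logic such a userspace NAT would need, as an added example that is not part of the original issue or the project's code. It assumes UDP-only test traffic and operates on raw IPv4 packets held as byte strings (TUN I/O is left out); `DestDependentNat`, `udp_packet`, `parse`, the port range and the filtering of replies by remote IP are hypothetical choices, and the addresses used with it are constructed documentation-range values.

```python
import socket, struct

def checksum(data):  # RFC 1071 Internet checksum over big-endian 16-bit words
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_packet(src, sport, dst, dport, payload):
    """Build an IPv4/UDP packet (20-byte IP header) with valid checksums."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    ulen = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, ulen, 0) + payload
    pseudo = s + d + struct.pack("!BBH", 0, 17, ulen)
    udp = udp[:6] + struct.pack("!H", checksum(pseudo + udp) or 0xFFFF) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ulen, 0, 0, 64, 17, 0, s, d)
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + udp

def parse(pkt):
    """Return (src, sport, dst, dport, payload) of an IPv4/UDP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, sport, dst, dport, pkt[ihl + 8:]

class DestDependentNat:
    """Hypothetical NAT core: one public port per (inner src, inner port, dst IP)."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out, self.back = {}, {}

    def outbound(self, pkt):
        src, sport, dst, dport, payload = parse(pkt)
        key = (src, sport, dst)  # destination IP is part of the mapping key
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst)] = (src, sport)
            self.next_port += 1
        # Simplification: rebuild the packet instead of patching it in place.
        return udp_packet(self.public_ip, self.out[key], dst, dport, payload)

    def inbound(self, pkt):
        src, sport, dst, dport, payload = parse(pkt)
        inner = self.back.get((dport, src))
        if dst != self.public_ip or inner is None:
            return None  # no mapping for this remote IP: drop (assumed filtering)
        return udp_packet(src, sport, inner[0], inner[1], payload)
```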