Saturday, March 10, 2007

iptables SAME target

The SAME target was written to behave like SNAT, but instead of cycling through the address pool it always picks the same mapped source address for a given client (and, unless --nodst is given, for a given client/destination pair).

Before kernel 2.6.11 you could give SNAT several --to-source options, and the kernel would pick from those addresses round-robin. From 2.6.11 on you can still hand --to-source a single contiguous range, for example --to-source 192.168.0.1-192.168.0.5, but you can no longer give multiple ranges such as --to-source 192.168.0.1 --to-source 192.168.1.1.

Instead, use the SAME target in the nat table. Its option is --to (not --to-source), and it may be repeated for multiple ranges:
iptables -t nat -A POSTROUTING -j SAME --to 192.168.0.1 --to 192.168.1.1
This gives a client the same source address for each connection; add --nodst if the choice should depend on the client address alone, so that one client gets one mapped address whatever it talks to. SAME has since been dropped from the kernel; on 2.6.29 and later the same behaviour comes from SNAT with --persistent, which takes a single --to-source range.
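To show why SAME is deterministic where SNAT's round-robin is not, here is an added user-space model of the 2.6-era ipt_SAME selection rule (this is example code, not the kernel module or anything from the original post). The kernel flattened every --to range into one array and indexed it with (source + destination) mod count, or source mod count under --nodst. The struct and function names (same_pool, same_add_range, same_select), the 256-entry cap, and the client/destination addresses are assumptions constructed for the example.

```c
/* Added example: user-space model of how ipt_SAME (2.6.x) picks a mapped
 * source address. Not kernel code; names and sizes are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>

#define SAME_MAX_IPS 256   /* cap for this model; the kernel sized its array from the ranges */

struct same_pool {
    uint32_t ips[SAME_MAX_IPS];   /* every address of every --to range, host byte order */
    size_t count;
};

/* Parse dotted-quad text into a host-order integer. Returns 1 on success. */
static int parse_ip(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

/* Add one --to argument: "a.b.c.d" or "a.b.c.d-e.f.g.h" (inclusive). Returns 1 on success. */
int same_add_range(struct same_pool *p, const char *arg)
{
    char lo_txt[INET_ADDRSTRLEN];
    uint32_t lo, hi, ip;
    const char *dash = strchr(arg, '-');

    if (dash) {
        size_t n = (size_t)(dash - arg);
        if (n >= sizeof lo_txt)
            return 0;
        memcpy(lo_txt, arg, n);
        lo_txt[n] = '\0';
        if (!parse_ip(lo_txt, &lo) || !parse_ip(dash + 1, &hi))
            return 0;
    } else {
        if (!parse_ip(arg, &lo))
            return 0;
        hi = lo;
    }
    if (hi < lo)
        return 0;
    for (ip = lo; ; ip++) {
        if (p->count >= SAME_MAX_IPS)
            return 0;                 /* pool full: reject the range */
        p->ips[p->count++] = ip;
        if (ip == hi)
            break;
    }
    return 1;
}

/* Selection rule modelled on ipt_SAME: index = (src + dst) mod count, or
 * src mod count when --nodst is set. A pure function of the tuple, so the
 * same client keeps its address across connections and conntrack restarts. */
uint32_t same_select(const struct same_pool *p, uint32_t src, uint32_t dst, int nodst)
{
    uint32_t key = src;
    if (p->count == 0)
        return 0;                     /* empty pool: nothing to map to */
    if (!nodst)
        key += dst;                   /* wraps mod 2^32, as in the kernel */
    return p->ips[key % p->count];
}

static const char *fmt_ip(uint32_t ip, char *buf, size_t len)
{
    struct in_addr a;
    a.s_addr = htonl(ip);
    return inet_ntop(AF_INET, &a, buf, (socklen_t)len);
}

int main(void)
{
    struct same_pool p = { {0}, 0 };
    uint32_t client, d1, d2;
    char b[INET_ADDRSTRLEN];

    /* the two ranges from the rule above, plus a constructed client and two destinations */
    same_add_range(&p, "192.168.0.1-192.168.0.5");
    same_add_range(&p, "192.168.1.1");
    parse_ip("10.0.0.7", &client);
    parse_ip("1.2.3.4", &d1);
    parse_ip("5.6.7.8", &d2);

    printf("default: 10.0.0.7 -> 1.2.3.4 maps to %s\n", fmt_ip(same_select(&p, client, d1, 0), b, sizeof b));
    printf("default: 10.0.0.7 -> 5.6.7.8 maps to %s\n", fmt_ip(same_select(&p, client, d2, 0), b, sizeof b));
    printf("--nodst: 10.0.0.7 -> 1.2.3.4 maps to %s\n", fmt_ip(same_select(&p, client, d1, 1), b, sizeof b));
    printf("--nodst: 10.0.0.7 -> 5.6.7.8 maps to %s\n", fmt_ip(same_select(&p, client, d2, 1), b, sizeof b));
    return 0;
}
```

Without --nodst the two destinations land on different pool addresses; with --nodst both map to the same one, which is what you want when a remote service expects all of a client's connections to come from one address.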
