How to mangle IP addresses based on time using iptables

I want to change my IP addresses based on time, not URLs. Following is my iptables rule to mangle the IPs I have:

sudo iptables -t nat -A POSTROUTING -o em1 -p tcp --dport 80 -j SNAT \
              --to x.x.x.118-y.y.y.128

The problem is that every time I check ipflag.com I only get one specific IP, which I don't want. I want to have a rule in iptables so it would change my IP based on time, say every 5 mins.

Is it possible to do so?


The time module will deliver close to what you are wanting; the below covers 2:00am to 6:00am every day (read up on this module for further information as it does also allow for targeting on a per day of the week basis):

-m time --timestart 02:00 --timestop 06:00

but you would need to create many rules to achieve your "every 5 minutes" requirement.

Also note that because of the way the connection tracking module works, once a connection is established, it becomes tracked (an entry is added to the conntrack table) and it will remain that way, regardless of what iptables "time matching" rules you come up with for this, until it either expires (in the case of UDP) or is torn down (TCP connection closed/reset, etc.). So even if you did rotate to a different IP address every 5 minutes, if you have a persistent connection which remains open to a peer, that will not automatically terminate and reset - it will remain established without interruption using the IP address it first matched on (via your iptables "time matching" rules). To force a connection reset, moving it onto a new IP, you would have to also start using conntrack (part of the conntrack-tools RPM package) to actively reset all or some of the connections that you wish to be moved over to your new IP address. You could do a crontab entry to achieve this, running something like this every 5 minutes:

/usr/sbin/conntrack -D -s 192.168.0.128

to reset all connections being tracked originating from host 192.168.0.128 (run with just the -D to perform a complete blanket reset of all tracked connections).
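As an added example (not part of the answer above), a POSIX sh generator for the many per-window rules the answer says you would need: one SNAT rule per 5-minute window, cycling through a pool of source addresses. The interface name, the address pool and the window size are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit one SNAT rule per 5-minute window so that new connections
# pick the next address in POOL. Values below are constructed placeholders.
OUT_IF="em1"
POOL="198.51.100.118 198.51.100.119 198.51.100.120"   # constructed pool
WINDOW_MIN=5
POOL_SIZE=$(set -- $POOL; echo $#)

# Print the rule for the window starting at minute $1 of the day (0..1439).
# The time match is inclusive at both ends, so the window closes at :59 seconds.
# Without --kerneltz the match is evaluated in UTC; add it to use the kernel's
# local timezone instead. The nat table only sees the first packet of a
# connection, which is why the answer's conntrack -D cron job is still needed.
rule_for_window() {
    start=$1
    stop=$((start + WINDOW_MIN - 1))
    idx=$(( (start / WINDOW_MIN) % POOL_SIZE ))
    set -- $POOL          # select the idx-th pool address (0-based)
    shift "$idx"
    addr=$1
    printf 'iptables -t nat -A POSTROUTING -o %s -p tcp --dport 80 -m time --timestart %02d:%02d:00 --timestop %02d:%02d:59 -j SNAT --to-source %s\n' \
        "$OUT_IF" $((start / 60)) $((start % 60)) $((stop / 60)) $((stop % 60)) "$addr"
}

# Emit the full day's rule set: 1440 / 5 = 288 rules.
# Pair it with the answer's reset, e.g. a crontab line such as
#   */5 * * * * /usr/sbin/conntrack -D
# so existing connections are moved onto the new address as well.
gen_rotation_rules() {
    m=0
    while [ "$m" -lt 1440 ]; do
        rule_for_window "$m"
        m=$((m + WINDOW_MIN))
    done
}
```

Pipe `gen_rotation_rules` into `sh` (or into a saved script) once the generated lines have been reviewed; `iptables-save` will then show the 288 time-matched rules.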