kubernetes-sigs / ip-masq-agent

Manage IP masquerade on nodes
Apache License 2.0

Question regarding masquerading all, let's say SSH only, egress traffic to a lot of destinations as sourced from a limited number of fixed IPs #54

Closed nabheet closed 4 years ago

nabheet commented 4 years ago

I apologize if this is not the correct place to ask this question, but I didn't see directions on how/where to ask questions; maybe I missed them. Also, I have a limited understanding of iptables, routing and masquerading.

Like a lot of people on the internet, I have a need to change the source IPs on our outbound SSH connections because the remote SSHD has restrictions by IP address.

Assuming our cluster has, let's say, 3 nodes with a fixed IP (Nodes A, B, C), but there are more nodes (let's say 20) in the cluster, is there a way for all the outgoing SSH connections from all the pods (not on Nodes A, B, C) to have the fixed IP from nodes A, B or C?

I am not sure if I am asking this question correctly, but I am hoping that someone would say "Oh yeah, that's easy! You forward all your port 22 traffic to Nodes A, B or C round-robin (or pick one node), and then set up some kind of MASQ rule or something on Nodes A, B and C to forward that on to the remote destination from the ethernet device with the fixed IP." or something ...

I am assuming that using a limited number of fixed public IPs might be better than adding a fixed public IP to every node in the cluster. Also, I am thinking that this might be better than using SSH proxy hops as each SSHD connection would use up a decent chunk of memory/resources on the proxy hop. We make a lot of outbound SSH calls.

Any advice would be greatly appreciated and thank you in advance for your help!

bowei commented 4 years ago

This sounds similar to:

https://github.com/kubernetes/enhancements/pull/1105

fejta-bot commented 4 years ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

fejta-bot commented 4 years ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle rotten

fejta-bot commented 4 years ago

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen. Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /close

k8s-ci-robot commented 4 years ago

@fejta-bot: Closing this issue.

In response to [this](https://github.com/kubernetes-sigs/ip-masq-agent/issues/54#issuecomment-716043146):

> Rotten issues close after 30d of inactivity.
> Reopen the issue with `/reopen`.
> Mark the issue as fresh with `/remove-lifecycle rotten`.
>
> Send feedback to sig-testing, kubernetes/test-infra and/or [fejta](https://github.com/fejta).
> /close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.