Is it possible to change the _source_ port in the PREROUTING nat table? This would be equivalent to doing an SNAT in the PREROUTING table. This probably cannot be done with basic iptables commands, but is there a POM extension which would enable this, or is it hard to write one?
The reason for this unusual need is that some ISPs do NAPT and NAT for private addresses and many IKE implementations really require IKE UDP packets to originate from port 500 as well. I have such a VPN running on my Linux box, so I need to change the source port (with conn tracking of course) to 500 before it arrives at the IKE daemon. I guess having a separate nat box before the VPN could do the trick, but can they be put in the same box?

Thank you for any help & ideas.

>> Johannes <<
