On Sat, Apr 27, 2002 at 03:42:47PM +0200, Thomas Troeger wrote:

> On Tue, Apr 23, 2002 at 08:24:58AM -0400, Ramin Alidousti wrote:
> > Use iptables. You're using ipchains...
> 
> Hello,
> 
> I've built myself a new floppy system with iptables and kernel 2.4.18
> after the last reply to my mail (good you're taken seriously here,
> no?). What would the solution to my question look like with iptables?
! 
! This is how it *should* work:
! 
! On the incoming side it looks like this:
! incoming packet:        FROM A:2000 TO B:2000
! changed packet on lan:  FROM A:2000 TO C:2000
! 
! On the outgoing side it *should* look like this:
! outgoing packet:        FROM C:2000 TO A:2000
! changed packet on inet: FROM B:2000 TO A:2000 (*)
! 
! Unfortunately, the masquerading code jumps in here, and alters the
! source port to something in the masquerading port range:
! outgoing packet:        FROM C:2000 TO A:2000
! changed packet on inet: FROM B:61570 TO A:2000

I take it that this is a typo here; otherwise it doesn't work at all. C and
A should be reversed.

! 
! My question is now, is it possible to make the router NOT change the
! source port on outgoing connections for port 2000, so that the packet
! is only changed in respect of the sender address (thus, only the
! source address gets changed but _not_ the source port, like in (*)).
! 

Netfilter HowTo:
...
Standard NAT Behavior
The default behavior is to alter the connection as little as possible,
within the constraints of the rule given by the user. This means we won't
remap ports unless we have to.
...

Hope it helps.

Ramin

> thx,
> 
> --tst.
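
The "Standard NAT Behavior" passage quoted from the Netfilter HowTo above, as an added example that is not part of the original thread and is not netfilter's own code: a simplified Python model of source NAT that keeps the source port and remaps it only when the translated tuple would collide with an existing connection. The class name `SourceNat`, the sample addresses, the UDP protocol and the order in which fallback ports are tried are assumptions made for illustration; the three port classes are the ones the NAT HOWTO describes for implicit source mapping.

```python
# Simplified model of "alter the connection as little as possible" for SNAT.
# All addresses and ports are constructed sample values (documentation ranges).

def port_class(port):
    """Port classes that an implicit remap never crosses (per the NAT HOWTO)."""
    if port < 512:
        return range(1, 512)
    if port < 1024:
        return range(512, 1024)
    return range(1024, 65536)


class SourceNat:  # hypothetical name, not a netfilter structure
    def __init__(self, public_ip):
        self.public_ip = public_ip
        # (proto, public_port, dst_ip, dst_port) -> (lan_ip, lan_port)
        self.in_use = {}

    def translate(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return the (ip, port) an outgoing packet carries after SNAT."""
        owner = (src_ip, src_port)
        # Original port first; other ports of the same class only on collision.
        # The fallback order is an assumption, the kernel chooses differently.
        others = (p for p in port_class(src_port) if p != src_port)
        for port in (src_port, *others):
            key = (proto, port, dst_ip, dst_port)
            if self.in_use.setdefault(key, owner) == owner:
                return self.public_ip, port
        raise RuntimeError("no free port left in this port class")

    def reverse(self, proto, public_port, peer_ip, peer_port):
        """Map a reply arriving at the public address back to the LAN host."""
        return self.in_use.get((proto, public_port, peer_ip, peer_port))


def demo():
    nat = SourceNat("192.0.2.1")                       # router B
    a = "198.51.100.7"                                 # remote host A
    first = nat.translate("udp", "10.0.0.2", 2000, a, 2000)   # host C
    clash = nat.translate("udp", "10.0.0.3", 2000, a, 2000)   # second LAN host
    other = nat.translate("udp", "10.0.0.3", 2000, "198.51.100.8", 2000)
    return first, clash, other, nat.reverse("udp", clash[1], a, 2000)


if __name__ == "__main__":
    print(demo())
```

Only the second LAN host talking to the same remote address and port from the same source port gets a different port, because its translated tuple would otherwise be indistinguishable from the first connection.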
