-----Original Message----- From: Jan Engelhardt [mailto:jengelh@xxxxxxxxxxxxxxx] Sent: Friday, February 29, 2008 5:34 PM To: Nishit Shah Cc: netfilter-devel@xxxxxxxxxxxxxxx Subject: RE: Does Redirect/NAT change the destination port of reverse tuple ? On Feb 29 2008 17:30, Nishit Shah wrote: >>>Now here original and reverse tuples are --> >>> Original tuple 192.168.206.200:63423->72.14.223.83:443 >>> Reply tuple 192.168.121.125:3128->192.168.206.200:46873 >>> >>>So, here destination port of reverse tuple is 46873. Is it correct ? >> >>You could compare with the output of tcpdump to capture the >>actual on-wire situation especially regarding port 46873. > >In tcpdump output I am seeing packets only with port 63423. No packets with >port 46873. Something like > > 192.168.206.200:63423->72.14.223.83:443 Syn > 72.14.223.83:443->192.168.206.200:63423 Syn Ack > 192.168.206.200:63423->72.14.223.83:443 Ack > >Also, this happens with heavy load only. In normal conditions destination >port of reverse tuple doesn't change. Then, also check the output of `lsof -Pn` and see if it has 46873. squid 5770 squid 20u IPv4 30336 TCP 192.168.206.200:46873->a.b.c.d:3128 (ESTABLISHED) Yes, It is like you have mentioned. Even In squid I am getting source port as 46873. I am putting my load pattern here may be that can help Client IP - 192.168.206.200 and I am sending random https requests with incrementing source port every time starting from 1025 to 65535.... -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
