On Wednesday 2008-11-26 23:57, Bryan Duff wrote:

> Here is the rule:
>
> conntrack -I --orig-src 192.168.10.10 --orig-dst 192.168.2.206 --reply-src
> 192.168.2.206 --reply-dst 192.168.2.204 -p udp --orig-port-src 5000
> --orig-port-dst 7002 --reply-port-src 7002 --reply-port-dst 7000 -u ASSURED -t
> 60
>
> 192.168.10.10 is the phone in my LAN.
> 192.168.2.204 is the local WAN address.
> 192.168.2.206 is the remote address.
>
> If that above rule is inserted, and I send traffic (that matches the rule) out
> the WAN from the LAN, why would it not SNAT the rule on the way out (from
> orig-src 192.168.10.10 to reply-dst 192.168.2.204)?

You just set up a NAT mapping and even marked it ASSURED, so no further
mapping modifications are accepted.

> iptables -t nat -A POSTROUTING -o eth1 -s 192.168.10.1/24 -m realm --realm 1 -j
> SNAT --to 192.168.2.204

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
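The reply hinges on the fact that a conntrack entry's reply tuple is the original tuple inverted with any NAT already applied, so the entry Bryan inserted already encodes an SNAT mapping (orig-src 192.168.10.10:5000 rewritten to reply-dst 192.168.2.204:7000) before any nat-table rule is consulted. The following is an added example, not code from the thread or from conntrack-tools: it takes the conntrack -I argument list quoted above as a constructed string, rebuilds both tuples, and reports the NAT mapping the entry carries. The class and function names (Tuple, parse_conntrack_args, nat_mapping) are the example's own, and it handles only the option subset used in the thread.

```python
"""Derive the NAT mapping a conntrack entry already encodes.

Added example; the option parsing covers only the subset of `conntrack -I`
options that appear in the thread, and the command string below is the
quoted one, embedded here as test input.
"""
from __future__ import annotations

import shlex
from dataclasses import dataclass

# Constructed from the command quoted in the thread.
CONNTRACK_CMD = (
    "conntrack -I --orig-src 192.168.10.10 --orig-dst 192.168.2.206 "
    "--reply-src 192.168.2.206 --reply-dst 192.168.2.204 -p udp "
    "--orig-port-src 5000 --orig-port-dst 7002 --reply-port-src 7002 "
    "--reply-port-dst 7000 -u ASSURED -t 60"
)


@dataclass(frozen=True)
class Tuple:
    """One direction of a connection: (src, dst, sport, dport)."""
    src: str
    dst: str
    sport: int
    dport: int

    def inverted(self) -> Tuple:
        # Without NAT, the reply direction is just the original with
        # both ends swapped.
        return Tuple(self.dst, self.src, self.dport, self.sport)


def parse_conntrack_args(cmd: str) -> tuple[str, Tuple, Tuple]:
    """Return (protocol, original tuple, reply tuple) from a conntrack -I line."""
    args = shlex.split(cmd)
    opts: dict[str, str] = {}
    i = 0
    while i < len(args):
        a = args[i]
        # Options that take a value are followed by a non-option token;
        # bare flags such as -I are skipped.
        if a.startswith("-") and i + 1 < len(args) and not args[i + 1].startswith("-"):
            opts[a] = args[i + 1]
            i += 2
        else:
            i += 1
    orig = Tuple(opts["--orig-src"], opts["--orig-dst"],
                 int(opts["--orig-port-src"]), int(opts["--orig-port-dst"]))
    reply = Tuple(opts["--reply-src"], opts["--reply-dst"],
                  int(opts["--reply-port-src"]), int(opts["--reply-port-dst"]))
    return opts.get("-p", "?"), orig, reply


def nat_mapping(orig: Tuple, reply: Tuple) -> dict[str, str]:
    """Compare the stored reply tuple with the plain inverse of the original.

    Any difference on the reply destination means the original source was
    rewritten (SNAT); any difference on the reply source means the original
    destination was rewritten (DNAT).
    """
    expected = orig.inverted()
    mapping: dict[str, str] = {}
    if (reply.dst, reply.dport) != (expected.dst, expected.dport):
        mapping["SNAT"] = f"{orig.src}:{orig.sport} -> {reply.dst}:{reply.dport}"
    if (reply.src, reply.sport) != (expected.src, expected.sport):
        mapping["DNAT"] = f"{orig.dst}:{orig.dport} -> {reply.src}:{reply.sport}"
    return mapping


def mapping_for_command(cmd: str) -> dict[str, str]:
    """Convenience wrapper: NAT mapping implied by a conntrack -I line."""
    _proto, orig, reply = parse_conntrack_args(cmd)
    return nat_mapping(orig, reply)


if __name__ == "__main__":
    proto, orig, reply = parse_conntrack_args(CONNTRACK_CMD)
    print(f"proto={proto} orig={orig} reply={reply}")
    print("NAT already encoded in entry:", nat_mapping(orig, reply) or "none")
```

Running it on the quoted command reports a single SNAT mapping, 192.168.10.10:5000 -> 192.168.2.204:7000, and no DNAT, which is the mapping the reply refers to; an entry whose reply tuple is the plain inverse of the original yields an empty mapping. The same comparison is a useful audit step when reviewing entries added to the connection tracking table by hand or by conntrackd.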