On Sat, Oct 02, 2010 at 10:56:19AM +0300, Julian Anastasov wrote: > > Hello, > > On Sat, 2 Oct 2010, Simon Horman wrote: > > >> Here dport: > >> > >>>+ dport = dest->port; > >> > >> should be: > >> > >> dport = ports[1]; > >> if (dport == svc->port && dest->port) > >> dport = dest->port; > > > >Thanks, fixed. > > I'm still wondering, may be it needs separate patch > but we do not support NAT to different dest->port in the > case for fwmark. May be the above logic can be changed to > support it. By this way web to different VIPs and VPORTs > in a single virtual service (fwmark) can use single NAT > real server for name-based virtual hosting. But such change > can create compatibility problems for setups that used > different vports for the fwmark service and still expect > it in that way (vport to same dport). Hi Julian, I think that this sounds line a new flavour of fwmark virtual services to me. Perhaps yet another flag is in order? To be clear, what you have in mind is essentially to nat *:* (as matched by a fwmark) to x:y, where as at this time *:y may be natted to x:y. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html