When you are doing SNAT to a range of IP addresses, do you have to set up alias interfaces for those addresses, or does netfilter do some magic so you can get replies?

Secondly, if the firewall gets two outgoing "connection" startups from UDP port 500, will it map them to two different IP addresses and keep the source port at 500, or will it keep the same IP address and map the second port to something else? How can I best force it to keep the port numbers the same?

--
Tony Lill, Tony.Lill@xxxxxxxxxxxxxxxxxxx
President, A. J. Lill Consultants fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2 (519) 241 2461
--------------- http://www.ajlc.waterloo.on.ca/ ----------------
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"