On Sun, 2004-10-24 at 11:28, Marco wrote:
> Hello!
>
> Thanks for your answer. I tried this but do not work.
> I used tcpdump to verify the packets and saw the problem.

[ snip ]

you're trying to change horses mid-stream. a normal TCP session looks like:

    CLIENT              SERVER
    ---------------------------
 1) SYN       ->
 2)           <-        SYN-ACK
 3) ACK       ->
 4) GET /     ->

my questions for you:

at which point in this conversation does your firewall make a routing decision for the session flow, choose a SNAT, and enter the connection into the conntrack table? (my answer is step 1)

at which point in this conversation can it be determined what layer 7 protocol is being spoken over this port? (my answer is step 4)

you are applying a SNAT to a connection at packet 1, and then trying to change the source IP of the connection at packet 4.

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
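
A toy model of the point made in the reply above, added here as an illustration and not part of the original thread or of netfilter itself: the SNAT binding is chosen on the first packet and stored in the connection table, so a rule that needs the layer-7 payload matches too late to change it. The addresses, the rule list and the `Firewall` class are constructed assumptions, and only the client-to-server packets (steps 1, 3 and 4) are modelled.

```python
# Toy model (constructed): NAT rules are consulted only for the first packet
# of a connection; later packets reuse the binding stored in conntrack.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str
    payload: bytes = b""

def is_http_request(pkt):
    """Layer-7 match: only true once application data is on the wire."""
    return pkt.payload.startswith(b"GET ")

# Hypothetical SNAT rules, first match wins (documentation-range addresses).
RULES = [
    (is_http_request, "203.0.113.20"),    # intended: HTTP leaves from .20
    (lambda pkt: True, "203.0.113.10"),   # default SNAT for everything else
]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.conntrack = {}               # 4-tuple -> SNAT address chosen at step 1

    def snat_for(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.conntrack:     # NEW: walk the rules once
            self.conntrack[key] = next(ip for match, ip in self.rules if match(pkt))
        return self.conntrack[key]        # ESTABLISHED: rules are not re-evaluated

def run_session():
    """Client-to-server packets of the session above (step 2 is the reply)."""
    c = ("192.168.1.5", 40000, "198.51.100.80", 80)
    session = [(1, Packet(*c, "SYN")), (3, Packet(*c, "ACK")),
               (4, Packet(*c, "PSH-ACK", b"GET / HTTP/1.0\r\n\r\n"))]
    fw = Firewall(RULES)
    return [(step, is_http_request(p), fw.snat_for(p)) for step, p in session]

if __name__ == "__main__":
    for step, l7_match, snat in run_session():
        print(f"step {step}: layer-7 rule matches={l7_match}  SNAT source={snat}")
```

The layer-7 rule first matches at step 4, but the source address stays the one bound at step 1.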