RE: HELP! Transparent Proxy using bridging 2.6.9 and REDIRECT on different subnet


 



Thanks for your reply. Our product is a Linux-based product that uses
netfilter. We have Squid and a filtering engine on our box. We are
strong supporters of netfilter. Our customers have many subnets behind
our box because of where it is placed in their network. Bringing up
aliases on br0 for each of their subnets that are not even on that
broadcast domain is a big band-aid :). I think this is somehow a bug in
ip_nat_core.c and will investigate that further. I have cc'd
coreteam@xxxxxxxxxxxxx and hopefully that will get to Rusty, who wrote
it.

As for the SNAT I think Jason Opperisano's response is correct.
Everything works great, except somewhere in ip_nat_core.c the src port
is getting changed to 1 from 80. I have attached an ethereal dump to
show this happening and a dump when it does what it is supposed to.
Everything between the 2 is the same, except after I captured the
no_work.cap, I did

ifconfig br0:0 192.168.255.165

So it had an IP on the test machine's subnet. Of course it worked fine,
and that capture is work.cap.

Thanks for all your help.

Trevor Paskett
Cymphonix Programmer - CCNA, CWNA
P: 801-938-1500 F: 801-938-1501
 

Attachment: work.cap
Description: work.cap

Attachment: no_work.cap
Description: no_work.cap

