Thank you Jason, I just want to confirm is it to be writen like this alone: iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to xxx.xxx.85.113-xxx.xxx.85.115 or the original SNAT plus SAME like this : IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source xxx.xxx.85.113-xxx.xxx.85.115 iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to xxx.xxx.85.113-xxx.xxx.85.115 wennie ----- Original Message ----- From: "Jason Opperisano" <opie@xxxxxxxxxxx> To: <netfilter@xxxxxxxxxxxxxxxxxxx> Sent: Tuesday, April 12, 2005 1:19 AM Subject: Re: msn and yahoo messenger voice chat > On Sat, Apr 09, 2005 at 09:30:29AM +0300, Wennie V. Lagmay wrote: > > Hi all, > > > > Below are the config I tested and results: > > > > 1. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source > > xxx.xxx.85.113-xxx.xxx.85.115 > > 2. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -d > > xxx.xxx.85.113 -j MASQUERADE > > 3. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j MASQUERADE > > > > config 1, everything is working fine except msn and yahoo messenger voice > > chat. > > config 2, everything is working fine except msn and yahoo messenger voice > > chat. > > config 3, everything is working fine including msn and yahoo messenger voice > > chat, the only problem is that this configuration is not fitted to our > > setup. Can anybody have an idea on using config 1 and 2 with msn and yahoo > > messenger voice chat enable? or do you have any solution enabling similar to > > config 1 with all features enable? > > use the SAME target from PoM to tell iptables to use the same SNAT IP > for subsequent connections between the same src and dst IP: > > iptables -t nat -A POSTROUTING -s 192.169.10.0/24 \ > -j SAME --to xxx.xxx.85.113-xxx.xxx.85.115 > > -j > > -- > "Peter: You wanna talk about awkward moments? Once, during sex, > I called Lois "Frank". Your move, Sherlock." > --Family Guy > >
