Hi Jason just to inform you what have I learn with the configuration from you. With this rule: iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --to xxx.xxx.85.113-xxx.xxx.85.115, it is intermitent, i mean sometimes it connects to voice but sometimes it does't. With this rule: iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to xxx.xxx.85.113 It is ok, it connects all the time, I have not encounter any entermitent connection. This is ok but one might do some nasty things on the net then the single IP might be block. But anyway thank you very much for this great help, I really really appreciate it. Regards, Wennie ----- Original Message ----- From: "Jason Opperisano" <opie@xxxxxxxxxxx> To: <netfilter@xxxxxxxxxxxxxxxxxxx> Sent: Tuesday, April 12, 2005 3:39 PM Subject: Re: msn and yahoo messenger voice chat > On Tue, Apr 12, 2005 at 03:39:26PM +0300, Wennie V. Lagmay wrote: > > > > Thank you Jason, I just want to confirm is it to be writen > > > > like this alone: > > iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to > > xxx.xxx.85.113-xxx.xxx.85.115 > > yes--SAME can completely replace your SNAT rule, if you so desire. > > > or the original SNAT plus SAME like this : > > IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source > > xxx.xxx.85.113-xxx.xxx.85.115 > > that rule isn't completely correct, as it has no "-t nat" in it. > > > iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to > > xxx.xxx.85.113-xxx.xxx.85.115 > > if you're asking if you should have a SNAT rule followed by a SAME rule > that are identical except for the target, then no--the SAME rule will > never be matched in that scenario. > > if you want to combine SAME and SNAT--put the SAME rule first and have > it match only on the specific ports used by the application in question > that cannot handle src IP changes; and the SNAT rule second to catch the > rest of the general traffic. > > HTH... > > -j > > -- > "Chris: Where do you think you go when you die? > Southern boy: I learned from church that if you're good you go to > heaven but if you're bad, you go to a place where the dead believe > they're still living and they pray for death but death won't come. > Chris: UPN?" > --Family Guy > >
