On Mon, Apr 18, 2005 at 03:26:42PM +0100, Filipe Abrantes wrote:
> Hi all,
>
> I have a basic question about iptables UDP NAT.
>
> Imagine that you have 2 UDP sessions in your private LAN using the same
> port. How does iptables NAT these connections? Will one of the sessions
> get one external port of the NAT machine and the other session get
> another one? Does the usual MASQUERADE command suffice to achieve this?

If you're talking about two machines in the inside network making outbound
connections to the same UDP port, for example 53, then (a) it's highly
unlikely that both connections will use the same source port, and (b) yes,
each machine gets its srcip:sport re-mapped to the iptables machine's
pubip:mappedsrcport.

Remember that connection tracking uses four values to match a connection:
src ip, src port, dst ip, dst port.

> iptables MASQUERADE command:
>
> $IPTABLES -t nat -A POSTROUTING -o $OUTBOUND_IFACE -j MASQUERADE

Sure.

> Hope I have made myself clear and,

Not really, because I'm guessing your actual question is about something
infinitely more complicated that will come out after much dancing
around... maybe I'm wrong.

-j

-- 
"Lois: Peter, there's a naked man on this cake.
Peter: There were only two cakes left, and trust me, you do not want the one
of Al Roker with the Hershey Kiss nipples."
--Family Guy
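As an added illustration, not code from the mail or from netfilter, here is a small Python model of what the reply describes: a MASQUERADE/conntrack table keyed on the connection tuple, so two inside hosts that both happen to use the same source port towards the same server get distinct public-side mappings, and replies are steered back to the right inside host. The addresses, the port-allocation policy (keep the original source port when it is free on the public IP, otherwise take the lowest free port from 1024) and the class and function names are assumptions of this example. Real netfilter also keys the tuple on the protocol, which the model includes, and picks a replacement port from a range chosen by the original port rather than from a single linear scan.

```python
"""Simplified model of iptables MASQUERADE plus UDP connection tracking.

Illustration only (not netfilter code). Each outbound flow is identified by
its original tuple (proto, src_ip, src_port, dst_ip, dst_port); the source
side is rewritten to public_ip:mapped_port, and a second table maps the
reply tuple seen from outside back to the original flow.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed documentation addresses for the example (not from the mail).
PUBLIC_IP = "203.0.113.1"
DNS_SERVER = "198.51.100.53"

# proto, src_ip, src_port, dst_ip, dst_port (pre-NAT, as seen on the LAN)
OrigTuple = Tuple[str, str, int, str, int]
# proto, remote_ip, remote_port, public_ip, mapped_port (as seen from outside)
ReplyTuple = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Masquerade:
    """Toy SNAT/conntrack table for one public IP (hypothetical name)."""

    def __init__(self, public_ip: str, port_range: Tuple[int, int] = (1024, 65535)):
        self.public_ip = public_ip
        self.port_range = port_range
        self.orig: Dict[OrigTuple, int] = {}          # original tuple -> mapped port
        self.reply: Dict[ReplyTuple, OrigTuple] = {}  # reply tuple -> original tuple

    def _pick_port(self, proto: str, dst_ip: str, dst_port: int, wanted: int) -> int:
        # Keep the original source port if public_ip:wanted is not already in
        # use towards this remote endpoint; otherwise take the lowest free port
        # in the range (simplification of netfilter's range-based choice).
        if (proto, dst_ip, dst_port, self.public_ip, wanted) not in self.reply:
            return wanted
        lo, hi = self.port_range
        for port in range(lo, hi + 1):
            if (proto, dst_ip, dst_port, self.public_ip, port) not in self.reply:
                return port
        raise RuntimeError("no free mapped port for this destination")

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an inside->outside packet; create the conntrack entry if new."""
        key: OrigTuple = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        mapped = self.orig.get(key)
        if mapped is None:
            mapped = self._pick_port(pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_port)
            self.orig[key] = mapped
            self.reply[(pkt.proto, pkt.dst_ip, pkt.dst_port, self.public_ip, mapped)] = key
        return Packet(pkt.proto, self.public_ip, mapped, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse-translate an outside->inside packet, or None if no entry exists
        (an unsolicited inbound UDP datagram has nothing to match and is dropped)."""
        key: ReplyTuple = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        orig = self.reply.get(key)
        if orig is None:
            return None
        proto, inside_ip, inside_port, _dst_ip, _dst_port = orig
        return Packet(proto, pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo() -> Tuple[Packet, Packet, Optional[Packet], Optional[Packet]]:
    """Two LAN hosts both use source port 5000 towards the same DNS server."""
    nat = Masquerade(PUBLIC_IP)
    a = nat.outbound(Packet("udp", "192.168.1.10", 5000, DNS_SERVER, 53))
    b = nat.outbound(Packet("udp", "192.168.1.11", 5000, DNS_SERVER, 53))
    # The server answers host b's mapped port; the entry steers it back to .11.
    reply_b = nat.inbound(Packet("udp", DNS_SERVER, 53, PUBLIC_IP, b.src_port))
    # A datagram to a port nobody opened finds no entry and is dropped.
    stray = nat.inbound(Packet("udp", DNS_SERVER, 53, PUBLIC_IP, 9999))
    return a, b, reply_b, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Running the demo shows host .10 keeping source port 5000 on the public side while host .11, colliding on the same public port towards the same server, is moved to 1024; a second packet of either flow reuses its existing entry, and the reply to 203.0.113.1:1024 comes back out as a packet to 192.168.1.11:5000.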