> On Fri, 7 Oct 2005 bernin_a@xxxxxxxxxxxxxxxxxxxxxxxxx wrote:
>
> > Do I understand this correctly, the problem why the packets don't get
> > masqueraded/natted properly is that they already have a conntrack entry
> > before the nat rules are in place ??
>
> Most likely this is the case in your setup, yes.
>

Thanks for helping me understand ;-)

Now, I have another question. My setup requires that I change the source port of some connections (UDP port 500) and I have the above problem. If I drop the initial packet of a connection, does it still get an entry in conntrack?

As an example, I want to SNAT the UDP packets from 192.168.1.2 port 5444 to come from 192.168.1.2 port 500. If I have a rule that blocks this connection, insert the NAT rule first and allow the traffic afterwards, will this work ??

> Regards
> Henrik
>

Thanks!
--arne