Sure, that can be done. Look at this: http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.1 in detail. Specifically, the :1-1023 at the end of the POSTROUTING command. Regards, Frank -----Original Message----- From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Andreas Micklei Sent: Wednesday, November 01, 2006 9:24 AM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Explicit source port mapping Greetings, I have an unusual (maybe?) request. I have several private IPs (192.168.x.x) behind a Linux gateway. All are NATed to the Internet. Now I want to explicitely map each private IP to a fixed source port range on the WAN interface of the gateway. Example: Connections from 192.168.42.1 are mapped to source ports 1024 - 1279 Connections from 192.168.42.2 are mapped to source ports 1280 - 1343 Connections from 192.168.42.3 are mapped to source ports 1344 - 1408 ... Quetions 1: Can netfilter do this for me? Question 2: If not, would it be easy to implement, and can someone give a suggestion where I should start? - Or even better: Has someone already implemented this? Sorry if my question sounds stupid. In the HOWTOs I could only find implicit source port mapping. Also I did not find a search interface for the mailinglist. So if this question is already answered, pointers are appreciated. regards, Andreas Micklei
