How to mangle source packet source ports to a fixed range

I have a need to set the source packet's high (unprivileged) source ports to a 
fixed range of high ports on a firewall providing NAT.

The goal is to be able to identify the inside machines at the destination 
after NAT has changed the addresses.  This is for identification only.  I do 
not need to connect back to the machines inside the firewall.  I realize this 
may break certain protocols which may use dedicated unprivileged ports.

i.e.:

PREROUTING -i eth0 -p tcp -m tcp -s 192.168.0.x --sport 1024:65535 -j REDIRECT --to-ports 2000-2200

The above modifies the destination port based on the source port.  I wish to 
modify the source port (--from-ports?).

By already knowing the range of high ports used per internal IP address, I can 
tell which machine inside is sending the data.

If someone knows another way of doing this, I would appreciate any 
suggestions.

Thanks,

Steve.
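What the post is asking for is source NAT with a per-host port range rather than REDIRECT: the SNAT target's --to-source accepts ADDR:PORT-PORT, so each internal host can be given its own disjoint range and the destination side can map an observed source port back to a host. The script below is an added example, not part of the original post or of the netfilter project; it assumes eth0 is the outside interface, 203.0.113.1 is the firewall's public address, and three constructed internal hosts.

```shell
#!/bin/sh
# Added example: emit a nat table for iptables-restore with one SNAT rule per
# internal host, each host getting a disjoint 200-port source range, plus the
# reverse lookup the destination side needs. Interface, public IP and hosts
# are constructed assumptions.
EXT_IF=eth0
EXT_IP=203.0.113.1
BASE_PORT=2000
RANGE_SIZE=200
HOSTS="192.168.0.10 192.168.0.11 192.168.0.12"

# range_for INDEX -> "LO-HI": the INDEX-th (0-based) disjoint port range
range_for() {
    lo=$((BASE_PORT + $1 * RANGE_SIZE))
    hi=$((lo + RANGE_SIZE - 1))
    printf '%s-%s\n' "$lo" "$hi"
}

# snat_rule INTERNAL_IP INDEX -> one POSTROUTING SNAT rule. The port part of
# --to-source is only honoured for TCP/UDP, hence the protocol match. If every
# port in the range is already in use the kernel cannot build a mapping and
# drops the packet, so size the range for the host's expected concurrency.
snat_rule() {
    printf '%s\n' "-A POSTROUTING -o $EXT_IF -p tcp -s $1 -j SNAT --to-source $EXT_IP:$(range_for "$2")"
}

# gen_rules -> complete nat table. Hosts not listed fall through to the
# catch-all MASQUERADE and keep kernel-chosen source ports, so only listed
# hosts are identifiable by port at the destination.
gen_rules() {
    i=0
    echo '*nat'
    for h in $HOSTS; do
        snat_rule "$h" "$i"
        i=$((i + 1))
    done
    printf '%s\n' "-A POSTROUTING -o $EXT_IF -j MASQUERADE"
    echo COMMIT
}

# host_for_port PORT -> internal IP whose range contains PORT (empty if none):
# the lookup the destination side runs on the source port it observes
host_for_port() {
    i=0
    for h in $HOSTS; do
        lo=$((BASE_PORT + i * RANGE_SIZE)); hi=$((lo + RANGE_SIZE - 1))
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && { echo "$h"; return 0; }
        i=$((i + 1))
    done
    return 1
}
```

Pipe the output of gen_rules into `iptables-restore -n` on the firewall; the mapping only holds for connections that traverse this rule set, so the destination should treat a port outside every range as "unknown host" rather than as a hostile sender.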
