Hello, Pedro Gonçalves a écrit :
In attachment you can find an capture made at the machine with IPTables, in which you can see: -packets 1 and 2: Packet going from the client behind NAT (175.16.0.1:10000) to Stun Server (192.168.2.164:3478) -> Client's public address is 192.168.2.159:10000 -packets 21 e 22: Packet going from the client behind NAT (175.16.0.1:10000) to the other NAT's public addr (192.168.2.173:20000)-> Client's public address is 192.168.2.159:1029 Why is the client getting different NAT mappings?
The NAT mechanism may change the source port in order to avoid a clash - or at least what it considers a clash - with an existing mapping (same external source and destination addresses and ports). I guess that this existing mapping was created by packet #17 received from the other NAT device : 192.168.2.173.20000 -> 192.168.2.159.10000.
A possible workaround may be to DROP or REJECT this incoming packet in the INPUT table, so the associated connection tracking and NAT mapping are deleted.
