Question about NAT, src ports and dst ports.

Hi!
I am trying to set up a testbed using NAT.
A tool creates packets with different DSCP values, then the packets are
sent to a gateway doing NAT based on the DSCP values.
For example, EF packets will be DNATed to 193.1.1.1 and BE packets
will be DNATed to 194.1.1.1.

I use:
iptables -t nat -A PREROUTING -d .... -m dscp --dscp 46 -j NETMAP --to 193.0.0.0/8

But (yes, there is a but):
when my tool generates packets, it can create TCP, UDP, ... packets
with dst port and src port values.
When it creates UDP packets with DIFFERENT DSCP values but using the
SAME ports, the iptables rules don't work like I want.
Example:

DNAT rules:
DSCP EF   ---> DNAT to 193.1.1.1
DSCP AF11 ---> DNAT to 194.1.1.1

When my generator creates packets like this:
dstPort = 642, srcPort = 326, DSCP = EF   ----> DNAT -----> 193.1.1.1
dstPort = 642, srcPort = 326, DSCP = AF11 ----> DNAT -----> 193.1.1.1

iptables seems to apply the same DNAT to both kinds of packets,
without respecting my iptables rules.

But when I use the same rules with these packets:
dstPort = 446, srcPort = 222, DSCP = EF   ----> DNAT -----> 193.1.1.1
dstPort = 642, srcPort = 326, DSCP = AF11 ----> DNAT -----> 194.1.1.1

it works.

Is this normal? (I think "yes".)
Could I change it? Is it possible to configure iptables so that it
avoids the srcPort and dstPort check?

Sorry if this message is not easy to understand...

Thank you
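What the post describes is connection tracking at work, not a port check in the DNAT rule. The nat table is only traversed for the first packet of a connection; the resulting DNAT binding is stored in the conntrack entry, which is keyed by the 5-tuple (protocol, source address, source port, destination address, destination port), and that binding is replayed for every later packet of the same connection without re-evaluating the chain. DSCP is not part of the tuple, so two UDP packets with the same ports and addresses are one connection to conntrack, and the second packet inherits whatever the first one decided. The following is an added model of that behaviour (not the poster's setup and not netfilter's own code); the addresses, ports, the fixed DNAT targets standing in for NETMAP, and the rule-matching callables standing in for `-m dscp --dscp N` are all constructed for the demonstration.

```python
"""Model of conntrack's first-packet NAT decision (added example, not netfilter code).

The nat PREROUTING chain is walked only when a packet creates a NEW conntrack entry.
The chosen DNAT target (or a "no NAT" null binding) is stored under the packet's
5-tuple and reused for every later packet with the same tuple, whatever its DSCP.
Addresses, ports and DSCP values below are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

DSCP_BE = 0     # best effort: matches no rule below
DSCP_AF11 = 10  # Assured Forwarding 11
DSCP_EF = 46    # Expedited Forwarding

Tuple5 = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    dscp: int

    def tuple5(self) -> Tuple5:
        # conntrack identifies a connection by these five fields; DSCP is not one of them
        return (self.proto, self.src, self.sport, self.dst, self.dport)


@dataclass
class NatRule:
    """One nat PREROUTING rule: a match predicate and the DNAT destination it sets."""
    match: Callable[[Packet], bool]
    new_dst: str


class Gateway:
    def __init__(self, rules: List[NatRule]) -> None:
        self.rules = rules
        # conntrack table: 5-tuple -> DNAT destination, or None for a null ("no NAT") binding
        self.conntrack: Dict[Tuple5, Optional[str]] = {}

    def prerouting(self, pkt: Packet) -> str:
        """Return the destination address the packet leaves PREROUTING with."""
        key = pkt.tuple5()
        if key not in self.conntrack:
            # NEW connection: the only time the nat chain is walked; first match wins
            chosen: Optional[str] = None
            for rule in self.rules:
                if rule.match(pkt):
                    chosen = rule.new_dst
                    break
            self.conntrack[key] = chosen
        # First or later packet alike gets the stored decision; DSCP is never re-checked
        mapped = self.conntrack[key]
        return pkt.dst if mapped is None else mapped

    def flush(self) -> None:
        """Model of `conntrack -F`: forget all bindings so the next packet is NEW again."""
        self.conntrack.clear()


def build_gateway() -> Gateway:
    # Stand-ins for the post's two DSCP rules (fixed targets instead of NETMAP)
    return Gateway([
        NatRule(lambda p: p.dscp == DSCP_EF, "193.1.1.1"),
        NatRule(lambda p: p.dscp == DSCP_AF11, "194.1.1.1"),
    ])


def udp(sport: int, dport: int, dscp: int) -> Packet:
    # constructed traffic from one host towards one pre-NAT destination
    return Packet("udp", "10.0.0.5", sport, "172.16.0.1", dport, dscp)


def run_same_ports() -> List[str]:
    """The failing case from the post: same tuple, different DSCP."""
    gw = build_gateway()
    return [gw.prerouting(udp(326, 642, DSCP_EF)), gw.prerouting(udp(326, 642, DSCP_AF11))]


def run_different_ports() -> List[str]:
    """The working case: distinct tuples, so each flow is NEW and walks the chain."""
    gw = build_gateway()
    return [gw.prerouting(udp(222, 446, DSCP_EF)), gw.prerouting(udp(326, 642, DSCP_AF11))]


def run_same_ports_with_flush() -> List[str]:
    """Same tuple, but the conntrack entry is flushed between the two packets."""
    gw = build_gateway()
    first = gw.prerouting(udp(326, 642, DSCP_EF))
    gw.flush()
    return [first, gw.prerouting(udp(326, 642, DSCP_AF11))]


def run_unmatched_first() -> List[str]:
    """A BE packet opens the connection with a null binding; a later EF packet
    on the same tuple is then left untranslated too."""
    gw = build_gateway()
    return [gw.prerouting(udp(326, 642, DSCP_BE)), gw.prerouting(udp(326, 642, DSCP_EF))]


if __name__ == "__main__":
    for name, fn in [("same ports", run_same_ports), ("different ports", run_different_ports),
                     ("same ports + flush", run_same_ports_with_flush),
                     ("unmatched first", run_unmatched_first)]:
        print(f"{name:20s} -> {fn()}")
```

The model reproduces both observations in the post: with identical ports the second packet gets the first packet's mapping, and with distinct ports each flow is evaluated on its own. It also shows the less obvious corner: if the first packet on a tuple matches no nat rule, the null binding is cached and a later matching packet on that tuple is not translated either. The practical consequences are that per-packet DSCP steering cannot live in the nat table at all, since nat is per-connection by design; options are to give each DSCP class its own tuple (as the working example already does), to flush or let the conntrack entry expire between flows, or to move the DSCP decision to the mangle table (fwmark) and policy routing, which is evaluated for every packet.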