On Thu, 12/03/2009 at 11:32 +0000, Vitor António das Neves Pinto wrote:
> Dear all,
>
> I have a question regarding a special configuration with
> iptables, I hope you can help me:
> - Behind the NAT there’s a terminal with IP1 that sends a
>   UDP packet to a host outside the NAT with IP2 (Source
>   port=1033 Dport=123)
> - The response to this packet (due to load balancing
>   issues) comes from a machine outside the NAT with IP3 (not
>   from IP2!!) with Source port=123 Dport=1033
>
> Since iptables is configured as a port restricted NAT the
> response packet is dropped not reaching terminal with IP1…
> Any idea how to make the packet reach the terminal with
> IP1?
> I know that with a full cone nat this wouldn’t happen…

On the machine with IP3, try to do SNAT to IP2 for those packets. This
should fix your problem.

--
Покотиленко Костик <casper@xxxxxxxxxxxx>
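
Added example (not part of the original messages): a simplified Python model of the filtering discussed in this thread, showing why the reply from IP3 is dropped by a port restricted NAT and why it is delivered once its source is rewritten to IP2, as the answer suggests. The `Nat` class and the addresses are constructed for illustration and are not netfilter code.

```python
from dataclasses import dataclass, field

# Constructed sample addresses standing in for the thread's IP1, IP2, IP3.
IP1, IP2, IP3 = "192.168.0.10", "198.51.100.2", "198.51.100.3"

@dataclass
class Nat:
    """Hypothetical, simplified NAT model (not netfilter code)."""
    mode: str                                      # "port_restricted" or "full_cone"
    mappings: dict = field(default_factory=dict)   # public port -> inside (ip, port)
    contacted: dict = field(default_factory=dict)  # public port -> remote endpoints

    def outbound(self, src_ip, sport, dst_ip, dport):
        # Outgoing packet creates the mapping; the source port is kept as-is.
        self.mappings[sport] = (src_ip, sport)
        self.contacted.setdefault(sport, set()).add((dst_ip, dport))

    def inbound(self, src_ip, sport, dport):
        """Return the inside endpoint the packet is delivered to, or None if dropped."""
        inside = self.mappings.get(dport)
        if inside is None:
            return None                            # no mapping at all
        if self.mode == "port_restricted" and (src_ip, sport) not in self.contacted[dport]:
            return None                            # sender was never contacted: drop
        return inside

def scenario(mode, reply_src):
    """IP1:1033 -> IP2:123 goes out; a reply from reply_src:123 comes back."""
    nat = Nat(mode)
    nat.outbound(IP1, 1033, IP2, 123)
    return nat.inbound(reply_src, 123, 1033)

if __name__ == "__main__":
    print("port restricted, reply from IP3:", scenario("port_restricted", IP3))
    print("port restricted, reply SNATed to IP2:", scenario("port_restricted", IP2))
    print("full cone, reply from IP3:", scenario("full_cone", IP3))
```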