manpage iptables:

MASQUERADE
    .........
    --random
        Randomize source port mapping. If option --random is used then port
        mapping will be randomized (kernel >= 2.6.21).

On Wed June 10 2009, Mark Ryden wrote:
> Hello,
> I am trying and having success to build a NAT using MASQUERADE target;
>
> I have a machine with two interfaces. eth0 is an internal IP of
> 192.168.0.45 (internal network). eth1 is 10.0.0.1 (also internal network)
>
> On this machine I run this:
>
> iptables -A POSTROUTING -t nat -o eth0 -s 10.0.0.0/24 -d 0/0 -j MASQUERADE
> iptables -A FORWARD -i eth1 -j ACCEPT
>
> I have a second machine, 10.0.0.189. This machine is connected directly to
> 10.0.0.1. (I can ping 10.0.0.1). It has only one nic.
> On this machine, the default gw is 10.0.0.1
>
> Now, when I send from 10.0.0.189 a UDP packet to a different machine
> on 192.168.0 network (for example, 192.168.0.10), it goes through the NAT
> on 10.0.0.1. I see that the source and destination UDP ports stay the same
> in the sender **and** in the receiver. When dealing with real NAT (when one
> side has external IP address), then the UDP **source** is changed by the
> NAT, and it is not the same on the receiver and the sender.
>
> My question is: how should I configure the rules so that the UDP
> source port will be changed by the NAT so it will not be the same on the
> receiver and the sender?
>
> rgs,
> Mark
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

-- 
Christoph Paasch
www.rollerbulls.be
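An added example, not part of the thread: a small POSIX sh helper that builds the POSTROUTING rule from Mark's setup and appends --random only when the kernel version passed in meets the >= 2.6.21 requirement quoted from the manpage. The function names kver_ge and masq_rule are my own; the interface, network and the --random option come from the thread.

```shell
#!/bin/sh
# kver_ge A B: exit 0 if dotted kernel version A is >= B.
# Suffixes such as "-91-generic" or "-128.el5" are stripped first;
# missing components count as 0, up to four components are compared.
kver_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while [ "$i" -le 4 ]; do
        # trailing '.' guarantees cut sees a delimiter even for "3"
        x=$(printf '%s.' "$a" | cut -d. -f"$i")
        y=$(printf '%s.' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0   # equal
}

# masq_rule OUT_IF SRC_NET KVER: print the MASQUERADE rule for the
# internal network SRC_NET leaving via OUT_IF; --random is added only
# when KVER (normally "$(uname -r)") supports randomized port mapping.
masq_rule() {
    rule="iptables -t nat -A POSTROUTING -o $1 -s $2 -j MASQUERADE"
    if kver_ge "$3" 2.6.21; then
        rule="$rule --random"
    fi
    printf '%s\n' "$rule"
}

# Usage on the NAT box from the thread (10.0.0.0/24 behind eth0), as root:
#   sh -c "$(masq_rule eth0 10.0.0.0/24 "$(uname -r)")"
```

Without --random, netfilter keeps the original source port whenever it is free, which is the behaviour Mark observed; --random removes that predictability of the mapping.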