Thanks I'll give that a try. Wouldn't it trying to keep 1 to 1 mapping make the SAME target attribute redundant? -----Original Message----- From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of "Oleg A. Arkhangelsky" Sent: Tuesday, August 03, 2010 10:44 PM To: Jan Engelhardt; netfilter@xxxxxxxxxxxxxxx Subject: Re: snat range not cycling 04.08.2010, 02:09, "Jan Engelhardt" <jengelh@xxxxxxxxxx>: > IIRC the algorithm tries to give you the same source address for a given > source address. (I hear that banking sites and other sensitive stuff can > get unhappy if your externally visible address suddenly changes.) > Only when --persist option is given. Otherwise original source and destination addresses will be used for selection IP-address from the pool. Timothy should try connection from different source IP-address or use different destination and see how this change situation. -- wbr, Oleg. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
