Hello,

Gáspár Lajos wrote:
>
> - The client initiates a connection to the firewall public IPs (in a
>   round-robin manner).
> - The service sees a connection that came from a LAN. (Remember that it is
>   not bound to any interface.)
> - The service replies with the corresponding local IP of the firewall.
> - The client drops the packets because they are not from the expected
>   public IPs.
>
> How can I make it work?

By fixing the broken client, service or application protocol. Either the
application protocol specification states that:

- the service should reply with the same address (and the service is broken),
- or the service may reply with any address (and the client is broken),
- or it is left unspecified (and the protocol is broken).

UDP deals with independent datagrams. It does not have such notions as
"request", "reply", or "connection".

> Is it a conntracking, routing or IP stack problem?

Neither. It is an application layer problem.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
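The following is an added illustration of the first of the three cases above (the service is the broken party and must reply from the address the request arrived on); it is not code from the thread or from any netfilter project. It assumes Linux, where a wildcard-bound UDP socket can learn the destination address of each datagram through IP_PKTINFO on recvmsg() and can set the source address of a reply through the same control message on sendmsg(). The addresses are constructed for a loopback lab: 127.0.0.2 plays one of the firewall's public IPs (Linux treats all of 127.0.0.0/8 as local) and 127.0.0.1 plays the client. With fixed=False the server replies with plain sendto() and the kernel picks the source address by routing, which reproduces the mismatch the original poster sees; with fixed=True the reply is sourced from the address the client actually talked to.

```python
import socket
import struct
import threading

# Linux value of IP_PKTINFO; used as a fallback if this Python build does not export it.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO_FMT = "=i4s4s"  # struct in_pktinfo: ipi_ifindex, ipi_spec_dst, ipi_addr
PKTINFO_LEN = struct.calcsize(PKTINFO_FMT)  # 12 bytes

# Constructed lab addresses (not from the thread): 127.0.0.2 stands in for one of the
# firewall's public IPs, 127.0.0.1 for the client. Both are local on Linux loopback.
SERVICE_IP = "127.0.0.2"
CLIENT_IP = "127.0.0.1"


def request_destination(ancdata):
    """Return the IP a received datagram was addressed to, taken from IP_PKTINFO data."""
    for level, ctype, data in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, ipi_addr = struct.unpack(PKTINFO_FMT, data[:PKTINFO_LEN])
            return socket.inet_ntoa(ipi_addr)
    return None


def serve_one(sock, fixed):
    """Echo one datagram received on a socket bound to 0.0.0.0 (as in the thread).

    fixed=False: reply with sendto(); the kernel chooses the source address by routing,
    so a multi-homed host may answer from an address the client never sent to.
    fixed=True: attach IP_PKTINFO with ipi_spec_dst set to the address the request
    arrived on, so the reply carries the source address the client expects.
    """
    data, ancdata, _flags, client = sock.recvmsg(2048, socket.CMSG_SPACE(PKTINFO_LEN))
    dst = request_destination(ancdata)
    if fixed and dst is not None:
        pktinfo = struct.pack(PKTINFO_FMT, 0, socket.inet_aton(dst), b"\x00" * 4)
        sock.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, client)
    else:
        sock.sendto(data, client)


def reply_source(fixed):
    """Run one request/reply over loopback and return the source IP the client saw."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)  # deliver destination info on receive
    server.bind(("0.0.0.0", 0))  # not bound to any particular address, ephemeral port
    port = server.getsockname()[1]
    worker = threading.Thread(target=serve_one, args=(server, fixed), daemon=True)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.bind((CLIENT_IP, 0))
    client.settimeout(3)
    try:
        client.sendto(b"ping", (SERVICE_IP, port))
        _reply, (src_ip, _src_port) = client.recvfrom(2048)
    finally:
        worker.join(3)
        client.close()
        server.close()
    return src_ip


def reply_matches_request(fixed):
    """True when the reply's source IP equals the IP the client sent the request to."""
    return reply_source(fixed) == SERVICE_IP


if __name__ == "__main__":
    print("broken service replies from", reply_source(False))
    print("fixed service replies from", reply_source(True))
```

A client that validates the reply source (as the poster's client does) accepts the fixed server's answer and drops the broken one; no conntrack or routing change on the firewall would alter that, because the source address is chosen by the sending application or, failing that, by the sender's kernel.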