On Tuesday 2011-10-04 23:23, Sven-Haegar Koch wrote:
>
>The question is, in the following case, does Netfilter "use" two
>external ports or are/can both connections be mapped to the same
>external source port?
>Connections before SNAT:
>
>  10.1.2.3 port 1024 -> 8.8.8.8 port 80
>  10.1.2.10 port 1024 -> 9.9.9.9 port 80
>
>After SNAT is it:
>[1]
>  a.b.c.d port 1024 -> 8.8.8.8 port 80
>  a.b.c.d port 1025 -> 9.9.9.9 port 80
>
>or
>[2]
>  a.b.c.d port 1024 -> 8.8.8.8 port 80
>  a.b.c.d port 1024 -> 9.9.9.9 port 80

For NFCT, simple uniqueness suffices (i.e. [2]), though while I am
reading the source, it seems like it ignores local sockets (not so nice,
especially when CTs from local sockets are not tracked).
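The uniqueness rule from the reply above, as an added example that is not part of the original message and not netfilter code: a simplified Python model in which a translated tuple only has to be unique as a whole. The `SnatTable` class, the address 192.0.2.1 standing in for a.b.c.d, and the port scan order are assumptions made for illustration.

```python
"""Simplified model of SNAT source-port selection (constructed; not kernel code)."""
from itertools import chain
from typing import Dict, Tuple

# (proto, src ip, src port, dst ip, dst port)
FlowTuple = Tuple[str, str, int, str, int]


class SnatTable:
    """Hypothetical NAT table: a translated tuple only has to be unique as a whole."""

    def __init__(self, public_ip: str, port_min: int = 1024, port_max: int = 65535):
        self.public_ip = public_ip
        self.ports = range(port_min, port_max + 1)
        self.by_orig: Dict[FlowTuple, FlowTuple] = {}  # original -> translated
        self.in_use = set()                            # translated tuples

    def translate(self, proto: str, src: str, sport: int, dst: str, dport: int) -> FlowTuple:
        orig = (proto, src, sport, dst, dport)
        if orig in self.by_orig:          # flow already tracked
            return self.by_orig[orig]
        # Assumption: try the original port first, then scan the range.
        for port in chain([sport], self.ports):
            cand = (proto, self.public_ip, port, dst, dport)
            if cand not in self.in_use:   # uniqueness of the full tuple, not of the port
                self.in_use.add(cand)
                self.by_orig[orig] = cand
                return cand
        raise RuntimeError("no free source port for this destination")


if __name__ == "__main__":
    nat = SnatTable("192.0.2.1")  # constructed stand-in for a.b.c.d
    flows = [
        ("tcp", "10.1.2.3", 1024, "8.8.8.8", 80),
        ("tcp", "10.1.2.10", 1024, "9.9.9.9", 80),   # different destination: port kept
        ("tcp", "10.1.2.10", 1024, "8.8.8.8", 80),   # same destination as first: remapped
    ]
    for f in flows:
        print(f, "->", nat.translate(*f))
```

The model tracks only translated flows; it has no notion of ports held by local sockets on the NAT host.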