Hi guys, sorry, but you didn't get my point: The most advanced networking operating system is not capable of doing symetric NAT? That's bad. that's just plain bad. I will try to get someone on the development list. I am working for a big company ( which does not rely on this, that's my private stuff, luckily), but if we would do this kind of incomplete Development (not implementing the symetric NAT functionality, although we obviously know, that it would make things work better), we would be in trouble. Sadly no one does pick up the point in this, that there is some missing functionality. Thanks for you advice with using static mappings, but that doesn't work, as I cannot predict which ports my phone will use. (I did that trick with two phones I have at home, but it will never work with my mobile, so that isn't a solution.) Thanks guys, and bye. On Thu, Nov 15, 2012 at 3:01 AM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote: > On 11/14/2012 5:54 PM, Jan Engelhardt wrote: >> >> On Wednesday 2012-11-14 16:38, Eliezer Croitoru wrote: >> >>> >Or instead just use DNAT with specific ports that will allow any other >>> >traffic from this host to others based on basic NAT what called >>> >"port-forwarding" >> >> Port forwarding is a terrible misnomer, because the port itself is an >> entity belonging to the host, and as such static. NA(P)T, or "port >> mapping" if you have to, is just fine and catches the spirit properly. >> If you need a car analogy, you can't move the piers/ports either, only >> the ships. >> >> That said, DNAT is exactly what I gave as one way of resolution. From >> there, one can use --dport(s) as needed, but then that's not a full 1:1 >> NAT anymore. >> (I get the feeling my mail was ignored, perhaps you should go through >> the text and bottom post like everybody else.) >> >>>> >> iptables -t nat -A PREROUTING -i internet [-d 114.XX.234.123] \ >>>> >> -j DNAT --to 192.168.1.38 > > > Since he has very specific problem I suggested to do that which extends your > saying. > By the way you spelled it better then me.. > > Regards, > Eliezer > > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > eliezer <at> ngtech.co.il -- Bye Bye, Jörn Krebs -------------------------------------------- 64 Queen St., Blackstone 4304 Phone: +61731363381 Mobile: +61431068955 Telefon: +495516345347 -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
