Hello,

James Lamanna wrote:
> Hi,
> Is there a way to disable port translation during SNAT so that traffic
> originates from the same external port as it did internally?

When possible this is already the default when you don't specify a port range nor --random. From the man page:

    --to-source ipaddr[-ipaddr][:port-port]
        which can specify a single new source IP address, an inclusive
        range of IP addresses, and optionally, a port range (which is
        only valid if the rule also specifies -p tcp or -p udp). If no
        port range is specified, then source ports below 512 will be
        mapped to other ports below 512: those between 512 and 1023
        inclusive will be mapped to ports below 1024, and other ports
        will be mapped to 1024 or above. Where possible, no port
        alteration will occur.

Sometimes the source port must be translated in order to avoid a conflict with an existing connection to the same destination which already uses that source port.
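An added illustration, not part of the original message and not netfilter's code: a simplified Python model of the man page rule quoted above, showing when a source port is preserved and when a conflict on the translated tuple forces a change. The `SnatTable` class, the sequential search for a replacement port and the documentation addresses are assumptions made for the example.

```python
# Simplified model of the SNAT source-port rule quoted from the man page.
# Not kernel code: the search order for a replacement port is an assumption.

def port_class(port):
    """Candidate range for a source port when --to-source has no port range."""
    if port < 512:
        return range(1, 512)        # ports below 512 stay below 512
    if port < 1024:
        return range(1, 1024)       # 512-1023 stay below 1024
    return range(1024, 65536)       # everything else stays at 1024 or above

class SnatTable:
    def __init__(self, snat_ip):
        self.snat_ip = snat_ip
        self.in_use = set()         # translated tuples already tracked

    def translate(self, proto, sport, dst_ip, dport):
        """Return the external source port chosen for a new connection."""
        def key(p):
            return (proto, self.snat_ip, p, dst_ip, dport)
        # Where possible, no port alteration occurs: try the original first.
        candidates = [sport] + [p for p in port_class(sport) if p != sport]
        for p in candidates:
            if key(p) not in self.in_use:
                self.in_use.add(key(p))
                return p
        raise RuntimeError("no free source port in this class")

def demo():
    nat = SnatTable("203.0.113.1")   # constructed documentation address
    results = []
    # Two internal hosts use the same source port to the same destination:
    # the second one collides after SNAT and must be moved.
    results.append(nat.translate("udp", 5060, "198.51.100.7", 5060))
    results.append(nat.translate("udp", 5060, "198.51.100.7", 5060))
    # Same port, different destination: no conflict, port preserved.
    results.append(nat.translate("udp", 5060, "198.51.100.8", 5060))
    # A collision on a port below 512 is resolved below 512.
    results.append(nat.translate("udp", 123, "198.51.100.7", 123))
    results.append(nat.translate("udp", 123, "198.51.100.7", 123))
    return results

if __name__ == "__main__":
    print(demo())
```

The model keys conflicts on the translated tuple only, which is why the internal source address does not appear in it.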