Hi all,

I'm currently using NAT to provide basic address translation from private to public IPs. However, the Linux kernel uses both destination IP and port as part of its NAT mapping process. This way (client1 and client2 are on the same internal network):

- if client1 connects to server1 using source port X, the NAT will be mapped: client1IP:SourcePortX -> server1IP:SourcePortX;
- if client2 then connects to server2 using source port X, the NAT will be mapped: client2IP:SourcePortX -> server2IP:SourcePortX.

Basically, SourcePortX is used on both mappings for client1 and client2. But, if client2 tries to connect to server1 instead, using the same source port X, the NAT will be mapped: client2IP:SourcePortX -> server2IP:SourcePortY. SourcePortY will be an available (randomly generated?) ephemeral port.

My goal is to force this behaviour on all outgoing connections. This way I would get a unique egress port mapping to an internal IP:Port at a specific point in time:

- if client1 connects to server1 using source port X, the NAT will be mapped: client1IP:SourcePortX -> server1IP:SourcePortX;
- if client2 then connects to server2 using source port X, the NAT will be mapped: client2IP:SourcePortX -> server2IP:SourcePortY.

SourcePortY will be an available (randomly generated?) ephemeral port. I am aware that this will imply a concurrent NAT connections limit, equal to the ephemeral port range, per egress IP.

Is there any way I can accomplish this kind of behaviour?

Thanks for all your help,

--
Rui Santos
Veni, Vidi, Linux
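A small simulation of the two port-allocation policies the mail contrasts (reuse an egress port as long as the destination differs, versus one distinct egress port per active flow) and of the resulting concurrent-connection ceiling. This is an added illustration, not part of the original message and not netfilter code; the addresses, the 40000 source port and the four-port ephemeral range are constructed.

```python
class NatTable:
    """Toy model of NAT source-port allocation for one egress IP.

    mode="per-destination": an egress port is reused as long as the
        (egress port, server IP, server port) tuple stays unique, which is
        the kernel behaviour the mail describes.
    mode="unique-port": every active mapping gets its own egress port,
        regardless of destination, which is the behaviour the mail asks for.
    """

    def __init__(self, egress_ip, mode, ephemeral_ports=range(32768, 32772)):
        self.egress_ip = egress_ip
        self.mode = mode
        self.ephemeral_ports = list(ephemeral_ports)  # constructed tiny range
        # (client_ip, client_port, server_ip, server_port) -> egress port
        self.mappings = {}

    def _port_in_use(self, port, server_ip, server_port):
        for (_, _, sip, sport), eport in self.mappings.items():
            if eport != port:
                continue
            if self.mode == "unique-port" or (sip, sport) == (server_ip, server_port):
                return True
        return False

    def connect(self, client_ip, client_port, server_ip, server_port):
        """Allocate (or return the existing) egress port for a flow."""
        key = (client_ip, client_port, server_ip, server_port)
        if key in self.mappings:
            return self.mappings[key]
        # Keep the client's own source port when possible, then fall back
        # to the ephemeral range; exhaustion is the limit the mail mentions.
        candidates = [client_port] + [p for p in self.ephemeral_ports if p != client_port]
        for port in candidates:
            if not self._port_in_use(port, server_ip, server_port):
                self.mappings[key] = port
                return port
        raise RuntimeError("no free egress port left on %s" % self.egress_ip)

    def close(self, client_ip, client_port, server_ip, server_port):
        """Tear down a flow so its egress port can be reused."""
        self.mappings.pop((client_ip, client_port, server_ip, server_port), None)


def concurrent_limit(nat, server_ip="203.0.113.10", server_port=443):
    """Open flows from distinct clients (same source port) until the NAT runs dry."""
    opened = 0
    try:
        while True:
            nat.connect("10.0.0.%d" % (opened + 1), 40000, server_ip, server_port)
            opened += 1
    except RuntimeError:
        return opened
```

With the four-port range, `concurrent_limit` returns 5 (the client's own port plus the four ephemeral ports) in both modes when every flow targets the same server; only the unique-port mode hits that ceiling for flows to different servers as well.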