Hi Noel,

Thank you for your reply on this!

I believe you may be referring to the --random option of the SNAT target. Although that is a solution which I will probably take if there is no other, there are actually two issues with it:

1) AFAIK, it will randomize all egress ports. I would like to keep the default behavior of NAT, by tampering with connections as little as possible. In the example I provided, only the connection initiated by server2 gets a random egress port. The egress port of server1's connection will be the same as the original source port.

2) Random does not necessarily mean unique. What will happen if client1 and client2 randomly get the same egress port for different destination IPs? Will --random consider this valid? If it will, I end up with the same issue (although rare, true) of having two clients with the same egress port.

Is there any way to accomplish this?

> The answer is on the man page (man iptables-extensions).
> Read the text about the SNAT and MASQUERADE targets.

--
Rui Santos
Veni, Vidi, Linux