On 28.10.2016 00:41, Rui Santos wrote:
> I believe you may be referring to the --random of the SNAT target.
>
> Although that is a solution which I will probably take if there is no
> other, there are actually two issues with it:
> 1) AFAIK, it will randomize all egress ports. I would like to keep the
> default behavior of NAT, by tampering with connections as little as
> possible. On the example I provided, only the connection initiated by
> server2, gets a random egress port. server1 connection egress port
> will be the same as the origin source port.
>
> 2) Random does not necessarily mean unique. What will happen if
> client1 and client2, randomly get the same egress port for different
> destination IP's? Will --random consider this valid? If it will, I end
> up with the same issue (although rare, true) of having two clients
> with the same egress port.
>
> Is there any way to accomplish this?

I don't know that, sorry. The stuff from that man page is all I know about this issue.

--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658