type inet_service : ipv4_addr
elements = { 61023:179.x.x.x, 61023:172.25.120.2 }
The dport is the same.
A -> B mapping needs to be unique.
WAN and LAN ports need to be different?
map says:
given input x, provide y
So, if input 61023, provide 179.x.x.x.
If input 61023, provide 172.25.120.2.
So, one input can only have one output.
Sure, got it now, thank you!
ip daddr 179.x.x.x tcp dport 61023 dnat to 172.25.120.2
(it's not clear to me if you actually want daddr or
ip saddr 179.x.x.x/8 tcp dport 61023 dnat to 172.25.120.2).
ip daddr 179.x.x.x udp dport 61023 dnat to 172.25.120.2 -> does it
Now being excited that it is working I was getting adventurous and tried
the routing decision earlier at the raw level
table raw {
    chain prerouting {
        type filter hook prerouting priority -300;
        ip daddr 179.x.x.x udp dport 61023 ip daddr set 172.25.120.2
    }
}
Basically the first vpn TLS packet gets through |TLS: new session
incoming connection from| but then the vpn stops dead in its tracks.
Suppose that is because raw is still stateless?
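
Added example, not part of the original message or of the netfilter project's documentation: the stateful dnat rule from the thread beside a stateless rewrite at raw priority that handles both directions. A payload rewrite such as "ip daddr set" only changes the packets its rule matches and keeps no state, so the reply direction needs its own rule. WAN_ADDR is a constructed stand-in for the elided 179.x.x.x address, and the example assumes 172.25.120.2 is a separate host whose replies are forwarded back through this box.

```nft
# Added example. WAN_ADDR is a constructed placeholder (documentation range)
# for the elided 179.x.x.x; LAN_HOST and port 61023 are the thread's values.
define WAN_ADDR = 203.0.113.10
define LAN_HOST = 172.25.120.2

# Option A: stateful DNAT, as in the rule that worked in the thread.
# conntrack records the translation on the first packet and applies the
# reverse rewrite to every reply automatically.
table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        ip daddr $WAN_ADDR udp dport 61023 dnat to $LAN_HOST
    }
}

# Option B: stateless rewrite at raw priority. Load this INSTEAD of option A,
# not together with it: notrack makes these packets invisible to the nat chain.
table ip raw {
    chain prerouting {
        type filter hook prerouting priority -300; policy accept;

        # Client -> server: rewrite the destination and skip conntrack.
        ip daddr $WAN_ADDR udp dport 61023 ip daddr set $LAN_HOST notrack

        # Server -> client: nothing remembers the first rewrite, so the
        # source address of replies has to be restored explicitly
        # (assumption: replies from LAN_HOST enter this box at prerouting).
        ip saddr $LAN_HOST udp sport 61023 ip saddr set $WAN_ADDR notrack
    }
}

# With notrack, a forward/input policy that only accepts
# "ct state established,related" no longer matches this flow; such a
# ruleset also needs a rule for "ct state untracked" on this port.
```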