Hello!
I need to ensure, for outgoing connections from one LAN source IP address to one WAN source IP address, that a few source ports (10000:10031) are SNATed *unchanged*, i.e. to the WAN source IP with the same source port.
At first I used
iptables -t nat -I POSTROUTING -p udp -s 192.168.45.10 --sport 10000:10031 -d 219.0.0.0/16 -j SNAT --to-source 13.14.15.16
Unfortunately, the source port changed from e.g. 10000 to 1024. This breaks the functionality of the application. I need it to be the same source port on the WAN as on the LAN side.
One workaround is to create dedicated entries for each port to enforce the correct handling:
iptables -t nat -I POSTROUTING -p udp -s LAN_IP --sport 10000 -d 219.0.0.0/16 -j SNAT --to-source 13.14.15.16:10000
...
That's working fine.
Another way seems to work, too (at least, I haven't seen any other mappings so far):
iptables -t nat -I POSTROUTING -p udp -s LAN_IP --sport 10000:10031 -d 219.0.0.0/16 -j SNAT --to-source 13.14.15.16:10000-10031
Is this by accident, or is it more or less guaranteed because there is only one application that uses this local IP for outbound connections, and this process manages the local ports it uses itself (so there can't be any overlap)?
Or is there a better way to force SNAT to preserve the source port?
Thanks,
Carsten
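Two helpers for the situation described in the post, added here as an example and not part of Carsten's message: one emits the per-port SNAT rules of the first workaround (the rules elided by "..."), the other checks conntrack output to confirm whether the source port was preserved for flows from the LAN address. The conntrack lines are constructed samples, and the check assumes the usual `conntrack -L` layout (original tuple first, reply tuple second, so for SNAT the reply dport is the translated source port).

```shell
#!/bin/sh
# Constructed sample of `conntrack -L -p udp` output (not a real capture):
# two flows where SNAT kept the LAN source port, one where it was remapped to 1024.
SAMPLE_CONNTRACK='udp      17 29 src=192.168.45.10 dst=219.1.2.3 sport=10000 dport=5060 [UNREPLIED] src=219.1.2.3 dst=13.14.15.16 sport=5060 dport=10000 mark=0 use=1
udp      17 29 src=192.168.45.10 dst=219.1.2.4 sport=10001 dport=5060 src=219.1.2.4 dst=13.14.15.16 sport=5060 dport=10001 mark=0 use=1
udp      17 29 src=192.168.45.10 dst=219.1.2.5 sport=10002 dport=5060 [UNREPLIED] src=219.1.2.5 dst=13.14.15.16 sport=5060 dport=1024 mark=0 use=1'

# Emit one explicit SNAT rule per source port, without executing anything.
# $1=LAN IP  $2=WAN IP  $3=first port  $4=last port  $5=destination network
# Pipe the output into `sh` (as root) to actually install the rules.
gen_per_port_rules() {
    p=$3
    while [ "$p" -le "$4" ]; do
        echo "iptables -t nat -I POSTROUTING -p udp -s $1 --sport $p -d $5 -j SNAT --to-source $2:$p"
        p=$((p + 1))
    done
}

# Read conntrack output on stdin and print every UDP flow from LAN IP $1 whose
# translated (WAN) source port differs from the LAN source port, as
# "<lan_ip> <lan_sport> -> <wan_ip> <wan_sport>". Prints nothing when all
# flows kept their port, so an empty result is the good case.
find_remapped_sports() {
    awk -v lan="$1" '
    $1 == "udp" {
        n = 0
        for (i = 1; i <= NF; i++)
            if (split($i, kv, "=") == 2) { n++; val[n] = kv[2] }
        # key=value fields in order: 1-4 original src,dst,sport,dport;
        # 5-8 reply src,dst,sport,dport (flags like [UNREPLIED] are skipped).
        if (val[1] == lan && val[3] != val[8])
            printf "%s %s -> %s %s\n", val[1], val[3], val[6], val[8]
    }'
}

# Usage: on a live box replace the sample with `conntrack -L -p udp`.
printf '%s\n' "$SAMPLE_CONNTRACK" | find_remapped_sports 192.168.45.10
```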