netfilter cannot do NAT for source address based on port?

Truxton Fulton (
Sun, 12 Dec 1999 18:43:23 -0800 (PST)

Dear Rusty et al,

I am trying to use netfilter-0.1.12 in Linux 2.3.18 to do NAT.

When I say:

ipnatctl -I --protocol TCP --source-port 23 --binding source --to

I want my machine to use a different source address based on
the source port. So when a local packet is generated (a reply
packet in a telnet session, for instance), based on the port
number (23), it should pretend to be coming from

# ipnatctl -L
generic [SRC]> proto=6 srcpt=23 TO:

However, when I telnet into the machine, no NAT happens,
the telnet succeeds, and a third machine with a packet sniffer
does not see on the wire.

I know other NAT rules work, because a command such as:

ipnatctl -I --protocol TCP --dport 23 --binding destination --to

causes the machine to be isolated (from telnet)
since there really is no

Have I missed something, or is netfilter broken?



