netfilter cannot do NAT for source address based on port?

Truxton Fulton (trux@truxton.com)
Sun, 12 Dec 1999 18:43:23 -0800 (PST)


Dear Rusty et al,

I am trying to use netfilter-0.1.12 in linux 2.3.18 to do NAT.

When I say:

ipnatctl -I --protocol TCP --source-port 23 --binding source --to 10.0.0.9

I want my machine to use a different source address based on
the source port. So when a local packet is generated (a reply
packet in a telnet session, for instance), based on the port
number (23), it should pretend to be coming from 10.0.0.9.

# ipnatctl -L
generic [SRC] 0.0.0.0/0->0.0.0.0/0 proto=6 srcpt=23 TO: 10.0.0.9

However, when I telnet into the machine, no NAT happens:
the telnet succeeds, and a third machine with a packet sniffer
does not see 10.0.0.9 on the wire.

I know other NAT rules work, because a command such as:

ipnatctl -I --protocol TCP --dport 23 --binding destination --to 10.0.0.9

causes the machine to be isolated (from telnet),
since there really is no 10.0.0.9.

Have I missed something, or is netfilter broken?

Thanks,

-Truxton

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu
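The model below is an added example, not part of Truxton's post and not netfilter's own code. It assumes one property of connection-tracking NAT (that NAT rules are consulted only for the first packet of a connection, and that the binding chosen there, including "no translation", is then applied to every later packet of that connection in both directions) and shows that, under that assumption, the two rules in the post behave exactly as observed: a `--source-port 23 --binding source` rule never sees the server's reply packets, because the connection was bound (to "no NAT") on the client's first packet, whose source port is an ephemeral port, while a `--dport 23 --binding destination` rule fires on that first packet and sends it to a non-existent host. The hosts, ports and the `ConntrackNat`/`NatRule` names are constructed for the example; the final scenario goes slightly beyond the post by showing the same source rule firing when the machine itself originates a connection from port 23.

```python
"""Simplified model of connection-tracked NAT (example code, not netfilter).

Assumption modelled: NAT rules are evaluated only on the first packet of a
connection; the resulting binding (possibly "no translation") is recorded and
applied to all later packets of that connection, in both directions.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

Tuple4 = Tuple[str, int, str, int]  # (src, sport, dst, dport)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def key(self) -> Tuple4:
        return (self.src, self.sport, self.dst, self.dport)


@dataclass(frozen=True)
class NatRule:
    """Rough analogue of one ipnatctl rule: match on proto/ports, rewrite one address."""
    proto: str
    binding: str            # "source" or "destination"
    to: str
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and (self.sport is None or pkt.sport == self.sport)
                and (self.dport is None or pkt.dport == self.dport))

    def apply(self, pkt: Packet) -> Packet:
        if self.binding == "source":
            return Packet(pkt.proto, self.to, pkt.sport, pkt.dst, pkt.dport)
        return Packet(pkt.proto, pkt.src, pkt.sport, self.to, pkt.dport)


class ConntrackNat:
    def __init__(self, rules: Iterable[NatRule]):
        self.rules = list(rules)
        # original forward 4-tuple -> translated forward 4-tuple
        self.bindings: Dict[Tuple4, Tuple4] = {}

    def process(self, pkt: Packet) -> Packet:
        key = pkt.key()
        if key in self.bindings:                      # later packet, original direction
            s, sp, d, dp = self.bindings[key]
            return Packet(pkt.proto, s, sp, d, dp)
        for orig, new in self.bindings.items():       # reply direction: undo the binding
            if key == (new[2], new[3], new[0], new[1]):
                return Packet(pkt.proto, orig[2], orig[3], orig[0], orig[1])
        # First packet of a new connection: the only point where rules are consulted.
        translated = pkt
        for rule in self.rules:
            if rule.matches(pkt):
                translated = rule.apply(pkt)
                break
        self.bindings[key] = translated.key()         # "no match" is bound as identity
        return translated


# Constructed addresses: the NAT box is 192.168.1.1, a client is 192.168.1.5.
BOX, CLIENT, PHANTOM = "192.168.1.1", "192.168.1.5", "10.0.0.9"
RULE_SPORT23_SRC = NatRule("tcp", "source", PHANTOM, sport=23)        # the post's first rule
RULE_DPORT23_DST = NatRule("tcp", "destination", PHANTOM, dport=23)   # the post's second rule


def inbound_telnet(rule: NatRule) -> Tuple[Packet, Packet]:
    """Client telnets into the box; returns (translated SYN, translated reply)."""
    nat = ConntrackNat([rule])
    syn = nat.process(Packet("tcp", CLIENT, 40000, BOX, 23))
    reply = nat.process(Packet("tcp", BOX, 23, CLIENT, 40000))
    return syn, reply


def outbound_from_port23(rule: NatRule) -> Packet:
    """The box itself opens a connection with source port 23 (first packet has sport 23)."""
    nat = ConntrackNat([rule])
    return nat.process(Packet("tcp", BOX, 23, CLIENT, 5000))


if __name__ == "__main__":
    syn, reply = inbound_telnet(RULE_SPORT23_SRC)
    print("source rule, inbound telnet reply comes from:", reply.src)      # 192.168.1.1, no NAT
    syn, _ = inbound_telnet(RULE_DPORT23_DST)
    print("destination rule, inbound SYN is sent to:", syn.dst)           # 10.0.0.9, isolated
    print("source rule, box-originated sport 23 appears as:", outbound_from_port23(RULE_SPORT23_SRC).src)
```

In this model the reply packet in the inbound telnet session never reaches rule evaluation at all: it is matched against the existing binding, which was made on the SYN from port 40000, so the source-port-23 rule has nothing to act on. The destination rule is different only because the packet it matches is the connection's first packet.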