What are the rules that you're using now? With a simple DNAT you should get what you want. MASQ does not come into the picture at all.
Ramin

On Tue, Apr 23, 2002 at 02:50:11AM +0200, Thomas Troeger wrote:
> Hello,
>
> I've got a small LAN at home, connected to the internet over a
> dialup-line and a router. Everything has worked fine for a longer
> time, but now I'm stuck with a problem. I hope someone on this list
> knows the solution. Here goes:
>
> I'm trying to set up some special portforwarding for my LAN. The goal
> is to have special ports forwarded to an internal machine, _and_ the
> reverse, without a changing of the sourceport. I'll try to explain
> with an example:
>
> We have 3 computers, an external one somewhere on the internet (A),
> the router (B) and an internal machine where the data should be
> relayed to (C). The protocol is UDP, the port used is fixed, let's
> say it's 2000 ;-) (B masquerades outgoing traffic, and forwards port
> 2000 with portforwarding to the internal LAN).
>
> This is how it *should* work:
>
> On the incoming side it looks like this:
> incoming packet: FROM A:2000 TO B:2000
> changed packet on lan: FROM A:2000 TO C:2000
>
> On the outgoing side it *should* look like this:
> outgoing packet: FROM C:2000 TO A:2000
> changed packet on inet: FROM B:2000 TO A:2000 (*)
>
> Unfortunately, the masquerading code jumps in here, and alters the
> source port to something in the masquerading portrange:
> outgoing packet: FROM C:2000 TO A:2000
> changed packet on inet: FROM B:61570 TO A:2000
>
> My question is now, is it possible to make the router NOT change the
> sourceport on outgoing connections for port 2000, so that the packet
> is only changed in respect of the sender address (thus, only the
> source address gets changed but _not_ the source port, like in (*)).
>
> Any help is welcome,
>
> --tst.
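
An added example, not part of the original thread: a toy Python model of connection-tracked DNAT for the A/B/C scenario above, showing how a reply on a flow that entered through the DNAT rule is reverse-translated to B:2000 without any source-NAT rule being consulted. The addresses, the `ppp0` interface and the iptables rule quoted in the comment are assumptions; the thread does not say which tooling the router runs.

```python
# Toy model of connection-tracked DNAT (constructed example, not kernel code).
# Addresses are constructed: A = remote host, B = router WAN address, C = LAN host.
# Corresponding rule, assuming iptables and a ppp0 dial-up interface:
#   iptables -t nat -A PREROUTING -i ppp0 -p udp --dport 2000 \
#       -j DNAT --to-destination 192.168.1.10:2000
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


A, B, C = "203.0.113.5", "198.51.100.7", "192.168.1.10"
DNAT_RULES = {(B, 2000): (C, 2000)}  # (router addr, port) -> (LAN addr, port)


class Conntrack:
    def __init__(self):
        # Key: the tuple expected in the reply direction.
        # Value: the (address, port) the remote side originally sent to.
        self.reply_map = {}

    def inbound(self, pkt: Packet) -> Packet:
        """PREROUTING: apply DNAT and remember how to undo it for replies."""
        target = DNAT_RULES.get((pkt.dst, pkt.dport))
        if target is None:
            return pkt
        new = pkt._replace(dst=target[0], dport=target[1])
        reply = Packet(new.dst, new.dport, new.src, new.sport)  # endpoints swapped
        self.reply_map[reply] = (pkt.dst, pkt.dport)
        return new

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Reply direction: reverse the DNAT, keeping the original port."""
        orig = self.reply_map.get(pkt)
        if orig is None:
            return None  # untracked flow: the source-NAT rules would decide
        return pkt._replace(src=orig[0], sport=orig[1])


def demo():
    ct = Conntrack()
    on_lan = ct.inbound(Packet(A, 2000, B, 2000))    # FROM A:2000 TO C:2000
    on_inet = ct.outbound(Packet(C, 2000, A, 2000))  # FROM B:2000 TO A:2000
    return on_lan, on_inet
```

A packet from C:2000 with no matching tracked flow returns `None` here, which marks the case where the router's source-NAT or masquerading rules, not the DNAT entry, choose the outgoing source port.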
