On Thu, Oct 30, 2003 at 11:31:19AM +0100, Nikolai Dahlem wrote:
> A Master connection is established between Host1 and Server.
> Host1 and Host2 negotiate connection parameters via the Server.
> Then related data connections are established between Host1 and Host2
> directly.
> The control-connection is established and an expectation is created.
> The related connections work in some cases, the problem is that NAT changes
> the source port.

this seems like a bug in your conntrack helper, but without having
access to the source I cannot possibly imagine what you are doing.
 
> Nikolai Dahlem

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie