On Thu, Oct 30, 2003 at 11:31:19AM +0100, Nikolai Dahlem wrote:

> Is there a way to know/reserve ports that nat uses for a certain
> connection ? or is there a way to tell nat which port to use ?

yes, by calling ip_conntrack_change_expect() to change the port number
of the to-be-expected connection.  in the nat helpers expectfn(), you
then call ip_nat_setup_info() with a per-proto (l4) range of exactly one
port number.

the ftp helper shows this for the DNAT case.

> kind regards
> Nikolai Dahlem

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie