Hi,

I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them.
I've got an iptables rule that looks like:

If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1.

My question is: how can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?

I don't think you can if you're using random.
You can use
--average percent

smoker: I don't think we're talking about the same thing. I am using the --random argument to the SNAT target.

man iptables

errmmm... yeees, that's where
comes from.

percentage of time ?

You can't set the time ,but you can set how many times on average a packet gets matched by the random rule.

Not too sure, but have you tried state?

iptables -t nat -A POSTROUTING -m state --state ESTABLISHED,RELATED -s 10.0.0.0/24 -p udp -j SNAT --to 10.1.0.100

Btw, Working on SIP?

Hi,
/proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout, /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream.

1 members found this post helpful.

Thanks, that's exactly what I was looking for.