iptable_nat seriously b0rken
Rusty Russell
rusty@linuxcare.com.au
Wed, 12 Jul 2000 22:03:36 +1000
In message <017e01bfe8fe$b3992a80$4000a8c0@TENDRIL> you write:
>
> I'll give it a try. Don't have another machine with pptp on it, so it may
> be a couple of days.
>
> Brent
>
> ----- Original Message -----
> From: "Steve Moro" <steve.moro@home.com>
>
> > Can you from 2 machines at the same time PPTP out to different PPTP server?
> > I thought the iptables code could only track one at a time..
Summary: One Per Server
Explanation:
The NAT code will never create two connections which look identical
(how would it distinguish the replies?) Since it knows nothing about
PPTP, all it can go on is the Source IP, Destination IP and protocol
(PPTP in this case).
If you're masquerading, then you're making the Source IP addresses the
same, and both are PPTP... so you're down to differentiating by
Destination IP.
Hope that clarifies,
Rusty.
--
Hacking time.
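
A simplified model of the uniqueness rule described in the message above, added here as an illustration and not taken from the netfilter source. The names `owner()`, `masquerade()`, `struct conn` and all addresses are constructed; it assumes the PPTP data channel is GRE (IP protocol 47) with no port field, and goes beyond the message by showing TCP for contrast, where a source port can be varied.

```c
#include <stdint.h>
#include <stdio.h>

#define PROTO_TCP 6
#define PROTO_GRE 47      /* PPTP data channel: no port field for NAT to rewrite */
#define MAX_CONN  16

/* One masqueraded flow: the tuple seen outside, and the inside host that owns it. */
struct conn { uint32_t masq_src, dst; uint8_t proto; uint16_t port; uint32_t inner_src; };

static struct conn table[MAX_CONN];
static int nconn;

/* Inside host owning an outside tuple, or 0 if the tuple is free. */
uint32_t owner(uint32_t masq_src, uint32_t dst, uint8_t proto, uint16_t port)
{
    for (int i = 0; i < nconn; i++)
        if (table[i].masq_src == masq_src && table[i].dst == dst &&
            table[i].proto == proto && table[i].port == port)
            return table[i].inner_src;
    return 0;
}

/* Returns the outside source port (0 if port-less), or -1 if no unique tuple exists. */
int masquerade(uint32_t inner_src, uint32_t masq_src, uint32_t dst,
               uint8_t proto, uint16_t sport)
{
    uint16_t port = (proto == PROTO_TCP) ? sport : 0;

    if (nconn == MAX_CONN)
        return -1;
    while (owner(masq_src, dst, proto, port) != 0) {
        if (proto != PROTO_TCP || port == 65535)
            return -1;    /* nothing left to vary: replies would be ambiguous */
        port++;
    }
    table[nconn++] = (struct conn){ masq_src, dst, proto, port, inner_src };
    return port;
}

int main(void)
{
    /* Constructed addresses: two inside hosts, one masquerade address, two servers. */
    uint32_t a = 0xC0A80002, b = 0xC0A80003, masq = 0xCB007101, s1 = 0xC6336401, s2 = 0xC6336402;
    printf("A->s1 GRE: %d\n", masquerade(a, masq, s1, PROTO_GRE, 0));
    printf("B->s1 GRE: %d\n", masquerade(b, masq, s1, PROTO_GRE, 0));
    printf("B->s2 GRE: %d\n", masquerade(b, masq, s2, PROTO_GRE, 0));
    return 0;
}
```

The second call returns -1 because both inside hosts collapse to the same (source, destination, protocol) tuple; the third succeeds because the destination differs.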