change source ip of udp streams

hi,

i´m using

iptables -t nat -A POSTROUTING -p udp --dport 1001 -j SNAT --to
192.168.100.5:25001

to change the source ip to 192.168.100.5 for every outgoing udp packet
with 1001 as destination port.

Now if i want to use two rules like:
iptables -t nat -A POSTROUTING -p udp --dport 1001 -j SNAT --to
192.168.100.5:25001
iptables -t nat -A POSTROUTING -p udp --dport 1002 -j SNAT --to
192.168.100.5:25002

the secound doesn´t work anymore!
but why?

to make the problem more clearly, i´ve got two sockets open one on
25001 the other on 25002.
Now if see that the two iptable-rules do work. but first i have to
write all the data from 25001 and then after all are written from
25002.

The Data from 25002 is only 1% as much as from 25001.

Can someone explane why iptables doesnßt allow direkt written of the
socket?!?

bubzilla wrote:
> hi,
>
> i´m using
>
> iptables -t nat -A POSTROUTING -p udp --dport 1001 -j SNAT --to
> 192.168.100.5:25001
>
> to change the source ip to 192.168.100.5 for every outgoing udp packet
> with 1001 as destination port.
>
> Now if i want to use two rules like:
> iptables -t nat -A POSTROUTING -p udp --dport 1001 -j SNAT --to
> 192.168.100.5:25001
> iptables -t nat -A POSTROUTING -p udp --dport 1002 -j SNAT --to
> 192.168.100.5:25002
>
> the secound doesn´t work anymore!
> but why?

Because SNAT is a target ?
I.e. the packet does not return from a "-j SNAT" to follow the rest of
the POSTROUTING chain - the second rule is never executed.

And even if it were executed - how would you magically turn one packet
into TWO ?

Look at the "tee" option; you need a special iptables module to be able
to use it, i.e. it's not in a stock kernel build, but it can "split" a
packet in two.

Your second post was unfortunately completely unintelligible.

J.