iptables DNAT of outgoing destination port, unexpected behavior


http://www.unix.com – Not sure if this should be here or in the security section. I am developing software that dynamically manipulates netfilter/iptables rules (through system() calls of the command strings; I'm not trying to hack the netfilter code). Basically, for UDP messages that are sent by an application on, say, port 55555, I have some rules that DNAT that port to some other port calculated from a time- and key-based algorithm. That port is recalculated every couple of seconds, and the DNAT rule is replaced. The idea here is to have the port number hop periodically. This all appeared to be working fine, ipta (HowTos)