On Wed, Jan 16, 2002 at 01:54:05PM -0300, Martin Ferrari - Decidir IT wrote:
> > Of course it "ignores" your source address tables. The rules that DNAT
> > constructs for replies are applied *after* checking your
> > source address tables.
> > So at this time you have not yet the new source address in
> > your packet.
> That is what I was suspecting... But why is it this way? NAT isn't done in
de-DNAT is a kind of SNAT (with automatically constructed rules). As such it's
located in POST-routing (where all SNAT is done). I would find it better, to
construct the automatic rules in (an) extra chain(s), which can be called at
convenient places (and if not where it's now) by user rules. If you could patch
the kernel accordingly it would be the best solution. Another solution would
be to rely on the "mark connection" feature.
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
This archive was generated by hypermail 2b29 : Wed Jan 23 2002 - 21:01:13 EST