Apparently flakey behavior with DNAT, SNAT, and masquerading
Thu, 14 Jun 2001 12:51:00 -0400
On Thu, Jun 14, 2001 at 11:59:17AM -0500, Greg Scott wrote:
> I see your point on the allowed chain. I should
> just get rid of the allowed chain and change everything
> everywhere that refers to that to just -j ACCEPT.
> On the SNAT rules, don't I need to translate anything
> outbound destined for my internal IP addresses back to
> the proper public IP addresses?
> > The conntrack of the DNAT takes careof the outgoing
> > packets itself.
> What is a conntrack?
> Also, is there a writeup someplace on how to install and
> use tcpdump?
> - Greg