SNAT question
Jason Opperisano
opie at 817west.com
Tue Sep 21 15:11:17 CEST 2004
On Sun, 2004-09-19 at 13:10, darmian martinez wrote:
> Alex,
>
> It's doesn't work because NAT rules applies only to new connections, and
> the icmp reply packet is part of an "virtual" established connection.
> This is my original question, how to make a rule that make a NAT to
> a packet that belong to already established connection.
>
> thanks you.
not an answer, but a hint...
if you need to fiddle with packets that are replies to established
connections--investigate the capabilities of the RAW table patch from
POM and its NOTRACK capabilities.
-j
--
Jason Opperisano <opie at 817west.com>
More information about the netfilter
mailing list