curby.public at gmail.com
Thu Aug 4 23:33:36 CEST 2005
On 8/4/05, Ricardo J. Méndez <mendezster at gmail.com> wrote:
> But I 'm testing this from a desktop on the network, not the firewall
> itself. PREROUTING should apply to those packets, correct?
In that case, the problem you're seeing is exactly that which is
discussed in the HOWTO link I posted last time. It's also explained
by Jason's link. The idea is that packets TO the server are indeed
being correctly mangled by the router, but return packets go directly
from server to client. The client expects the reply from the router,
sees some spurious traffic from the server, and drops the traffic.
The netfilter list sees some variation of this question once every
week or so. You're definitely not alone. =)
Another attempt to explain it:
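The usual remedy the HOWTO describes for this case is to keep the DNAT in PREROUTING and add a second rule in POSTROUTING that source-NATs LAN-originated connections to the DNATed server, so the server's replies go back through the router (where conntrack reverses both translations) instead of straight to the client. The script below is an added illustration, not anything posted in this thread; it only prints the iptables commands so it can be reviewed before being piped into sh on the firewall. The public address, LAN subnet, router LAN address, server address and port are placeholder assumptions.

```shell
#!/bin/sh
# Hairpin ("DNAT to the same network") rule generator. Added example, not the
# original poster's rules. All addresses below are placeholders (assumptions):
#   WAN_IP      public address clients connect to (TEST-NET-3 example range)
#   LAN_NET     internal subnet the clients and the server sit on
#   ROUTER_LAN  the router's own address on that subnet
#   SERVER      the real server the DNAT points at
#   PORT        TCP service port being forwarded
# Usage: hairpin_nat_rules [WAN_IP] [LAN_NET] [ROUTER_LAN] [SERVER] [PORT]
# Review the output, then:  hairpin_nat_rules ... | sh   (as root, on the router)

hairpin_nat_rules() {
    wan_ip=${1:-203.0.113.10}
    lan_net=${2:-192.168.1.0/24}
    router_lan=${3:-192.168.1.1}
    server=${4:-192.168.1.20}
    port=${5:-80}

    # 1. The rule the poster already has. PREROUTING sees packets arriving on
    #    every interface, so a LAN client talking to WAN_IP is DNATed as well.
    #    Without step 2 the server then replies straight to the client, whose
    #    stack is waiting for a reply from WAN_IP and discards the packet.
    echo "iptables -t nat -A PREROUTING -d $wan_ip -p tcp --dport $port" \
         "-j DNAT --to-destination $server:$port"

    # 2. The missing piece: for LAN-originated connections that were just
    #    DNATed to the server, rewrite the source to the router's LAN address.
    #    The server now answers the router; conntrack undoes the SNAT and the
    #    DNAT on the way back, and the client sees a reply from WAN_IP.
    #    The -s match keeps this SNAT from touching real external clients, so
    #    the server's logs still show their true addresses.
    echo "iptables -t nat -A POSTROUTING -s $lan_net -d $server -p tcp --dport $port" \
         "-j SNAT --to-source $router_lan"

    # 3. Forwarding must be allowed for the translated flow (both directions
    #    are covered by the state match on the return path).
    echo "iptables -A FORWARD -d $server -p tcp --dport $port" \
         "-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# When run directly, print the rule set for the given (or default) values.
hairpin_nat_rules "$@"
```

The SNAT is deliberately narrow (source LAN subnet, destination server, destination port) rather than a blanket MASQUERADE on the LAN interface; a blanket rule would also hide external clients' addresses from the server and mangle unrelated LAN-to-LAN traffic that happens to cross the router.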