IP forwarding
Ricardo J. Méndez
mendezster at gmail.com
Fri Aug 5 00:20:30 CEST 2005
Thanks for the pointer, it's working now. It was indeed the SNAT that
was missing.
-- R.
On 8/4/05, curby . <curby.public at gmail.com> wrote:
> On 8/4/05, Ricardo J. Méndez <mendezster at gmail.com> wrote:
> > But I 'm testing this from a desktop on the network, not the firewall
> > itself. PREROUTING should apply to those packets, correct?
>
> In that case, the problem you're seeing is exactly that which is
> discussed in the HOWTO link I posted last time. It's also explained
> by Jason's link. The idea is that packets TO the server are indeed
> being correctly mangled by the router, but return packets go directly
> from server to client. The client expects the reply from the router,
> sees some spurious traffic from the server, and drops the traffic.
>
> The netfilter list sees some variation of this question once every
> week or so. You're definitely not alone. =)
>
> Another attempt to explain it:
> https://lists.netfilter.org/pipermail/netfilter/2005-July/061636.html
>
--
Ricardo J. Méndez
http://ricardo.strangevistas.net/
More information about the netfilter
mailing list