IP forwarding

Ricardo J. Méndez mendezster at gmail.com
Fri Aug 5 00:20:30 CEST 2005


Thanks for the pointer, it's working now.  It was indeed the SNAT that
was missing.


-- R.

On 8/4/05, curby . <curby.public at gmail.com> wrote:
> On 8/4/05, Ricardo J. Méndez <mendezster at gmail.com> wrote:
> > But I 'm testing this from a desktop on the network, not the firewall
> > itself. PREROUTING should apply to those packets, correct?
> 
> In that case, the problem you're seeing is exactly that which is
> discussed in the HOWTO link I posted last time.  It's also explained
> by Jason's link.  The idea is that packets TO the server are indeed
> being correctly mangled by the router, but return packets go directly
> from server to client.  The client expects the reply from the router,
> sees some spurious traffic from the server, and drops the traffic.
> 
> The netfilter list sees some variation of this question once every
> week or so.  You're definitely not alone. =)
> 
> Another attempt to explain it:
> https://lists.netfilter.org/pipermail/netfilter/2005-July/061636.html
> 


-- 


Ricardo J. Méndez
http://ricardo.strangevistas.net/



More information about the netfilter mailing list