More on conntrack + NAT + mangle/nat tables

Lluís Batlle viriketo at gmail.com
Wed Jul 6 12:20:49 CEST 2005


Oh, my fault. :) I misread the diagram :) Everything is fine, so,
about nat + mangle tables.
So, I think conntrack NAT happens after the mangle POSTROUTING chain.
So, after routing.

Thanks :)

On 7/6/05, Jörg Harmuth <harmuth at mnemon.de> wrote:
> packet flow is:
> 
> ... --> [mangle:POSTROUTING] --> [nat:POSTROUTING]
> 
> So, all packets arrive in mangle:POSTROUTING with their source address
> unchanged. DNAT - if configured - is already applied to the packet.
> 
> If I'm telling old stories now, forget it, but you can modify this
> script to fit your needs:
> 
> http://iptables-tutorial.frozentux.net/scripts/rc.test-iptables.txt
> 
> Following the log (and /proc/net/ip_conntrack) you see the packet flow
> in detail. And you see when [S|D]NAT is applied.
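
The check described in the quoted reply (reading /proc/net/ip_conntrack to see where [S|D]NAT was applied) can be automated; the following is an added example, not part of the original thread or of the linked script. The sample entries are constructed with documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the /proc/net/ip_conntrack format (addresses are
# documentation ranges, not taken from the thread).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=34567 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=34567 [ASSURED] use=1
tcp      6 117 SYN_SENT src=198.51.100.77 dst=198.51.100.1 sport=40000 dport=8080 [UNREPLIED] src=192.168.1.20 dst=198.51.100.77 sport=80 dport=40000 use=1
udp      17 25 src=192.168.1.10 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=5353 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Return (proto, original_tuple, reply_tuple) for one conntrack line."""
    proto = line.split()[0]
    tuples, current = [], {}
    for key, value in FIELD.findall(line):
        if key in current:          # a repeated key starts the reply tuple
            tuples.append(current)
            current = {}
        current[key] = value
    tuples.append(current)
    if len(tuples) != 2:
        raise ValueError("expected original and reply tuple: %r" % line)
    return proto, tuples[0], tuples[1]

def nat_kind(orig, reply):
    """Compare the two directions; a plain connection has mirrored tuples."""
    kinds = []
    # Replies are addressed to the post-SNAT source, so reply dst differs.
    if (reply["dst"], reply.get("dport")) != (orig["src"], orig.get("sport")):
        kinds.append("SNAT")
    # Replies come from the post-DNAT destination, so reply src differs.
    if (reply["src"], reply.get("sport")) != (orig["dst"], orig.get("dport")):
        kinds.append("DNAT")
    return kinds

def classify(text):
    """Classify every non-empty conntrack line in text."""
    return [(p, o["src"], o["dst"], nat_kind(o, r))
            for p, o, r in map(parse_entry, filter(str.strip, text.splitlines()))]

if __name__ == "__main__":
    for proto, src, dst, kinds in classify(SAMPLE):
        print(proto, src, "->", dst, "+".join(kinds) or "no NAT")
```

On a live system, pass the contents of /proc/net/ip_conntrack to `classify` instead of `SAMPLE`.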
