> > That is what I was suspecting... But why is it this way? NAT isn't done in
> > PRE-routing??
>
> de-DNAT is a kind of SNAT (with automatically constructed rules). As such it's
> located in POST-routing (where all SNAT is done). I would find it better to
> construct the automatic rules in (an) extra chain(s), which can be called at
> convenient places (and if not where it's now) by user rules. If you could patch
> the kernel accordingly it would be the best solution. Another solution would
> be to rely on the "mark connection" feature.

Sadly, I'm no kernel hacker and will have to use actual code.. :(