Gabor Fekete wrote:
Hi, I'm writing a C code that sends IP datagrams using a RAW socket. The only problem I have is that it seems that the MASQUERADE rule I have does not apply for the packets sent via this socket. Is it so, that raw sockets bypass iptables? What can I do to make iptables to process these packets?
MASQUERADE leaves packets with saddr=0.0.0.0 pass without SNAT. So that might be the reason. Another possibility is that these packets match an existing connection, the NAT table only sees the first packet of each connection. Third option would be invalid IP headers, but you'd see a message in that case. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
