On Tue, Dec 17, 2019 at 04:52:47PM +0800, wenxu@xxxxxxxxx wrote:
> From: wenxu <wenxu@xxxxxxxxx>
>
> For dnat:
> The original dir maybe modify the dst port to src port of reply dir
> The reply dir maybe modify the src port to dst port of origin dir
>
> For snat:
> The original dir maybe modify the src port to dst port of reply dir
> The reply dir maybe modify the dst port to src port of reply dir

Good catch.

Probably this description is better, and good for the record:

SNAT                     after mangling
original  A -> B    =>   _FW_ -> B
reply     B -> FW   =>   B -> _A_

DNAT                     after mangling
original  A -> FW   =>   A -> _B_
reply     B -> A    =>   _FW_ -> A

This patch is also fixing incorrect 7acd9378dc652 BTW.

Thanks.
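The direction table in the reply above, worked through as an added example that is not part of the original message or of the kernel patch: a small Python model in which each rewritten field is taken from the opposite direction's tuple. The names `FlowTuple`, `Conn`, `mangle` and `demo`, and all addresses and ports, are constructed for illustration.

```python
from collections import namedtuple

Endpoint = namedtuple("Endpoint", "addr port")
FlowTuple = namedtuple("FlowTuple", "src dst")   # one direction of a flow
Conn = namedtuple("Conn", "original reply")      # both directions as tracked

def mangle(nat, direction, pkt, conn):
    """Return pkt as it leaves the firewall (hypothetical helper).

    The rewritten endpoint always comes from the tuple of the *other*
    direction, which is why src/dst appear swapped in the table above.
    """
    if direction not in ("original", "reply"):
        raise ValueError("direction must be 'original' or 'reply'")
    if nat == "snat":
        if direction == "original":
            return pkt._replace(src=conn.reply.dst)     # A -> B  => _FW_ -> B
        return pkt._replace(dst=conn.original.src)      # B -> FW => B -> _A_
    if nat == "dnat":
        if direction == "original":
            return pkt._replace(dst=conn.reply.src)     # A -> FW => A -> _B_
        return pkt._replace(src=conn.original.dst)      # B -> A  => _FW_ -> A
    raise ValueError("nat must be 'snat' or 'dnat'")

# Constructed sample endpoints (documentation address ranges).
A = Endpoint("10.0.0.2", 40000)

def demo():
    """Run all four rows of the table and return the mangled packets."""
    # SNAT: A talks to B, the firewall substitutes its own address/port.
    b, fw = Endpoint("192.0.2.10", 80), Endpoint("203.0.113.1", 61000)
    snat = Conn(FlowTuple(A, b), FlowTuple(b, fw))
    # DNAT: A talks to the firewall, which forwards to backend B.
    b2, fw2 = Endpoint("10.0.0.5", 80), Endpoint("203.0.113.1", 8080)
    dnat = Conn(FlowTuple(A, fw2), FlowTuple(b2, A))
    return {
        ("snat", "original"): mangle("snat", "original", snat.original, snat),
        ("snat", "reply"): mangle("snat", "reply", snat.reply, snat),
        ("dnat", "original"): mangle("dnat", "original", dnat.original, dnat),
        ("dnat", "reply"): mangle("dnat", "reply", dnat.reply, dnat),
    }

if __name__ == "__main__":
    for key, pkt in demo().items():
        print(key, f"{pkt.src.addr}:{pkt.src.port} -> {pkt.dst.addr}:{pkt.dst.port}")
```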