On Friday 01 November 2002 03:58 am, Antony Stone wrote: > On Friday 01 November 2002 6:08 am, Joel Newkirk wrote: > > Question to list: At what point in its own travels does the returnin= g > > packet get automatically un-DNATed? Prerouting again? > > No, it happens in POSTROUTING - because it is then a SNAT operation. > > Useful rule of thumb - in the FORWARD chain, all packets have their "re= al" > IP addresses. > > That's because DNAT rules have already happened in PREROUTING, so packe= ts > now have the destination address of the machine they're really being se= nt > on to, and SNAT rules have not yet happened in POSTROUTING, so packets > still have the source address of the machine they really came in from. Is there any chance then of interference from a masquerade rule in postro= uting? Or do the automatic reversals take precedence? j
