Just looking at iptables. Normally a reply to a masq'd packet coming into the network will have the destination IP of the g/w. So if the NAT for masq is done in POSTROUTING (after filtering) do I need to except INPUT packets to ports in the masquerading range (~61000:65535 ????) ? The Linux 2.4 Packet Filtering HOWTO appears to suggest that I can ignore the fact that I'm nat'ing and use forwarding rules for packets being masq'd and de-masq'd and that I do not need to worry about INPUT for packets that are going to my masq'd range. Have I understood this correctly ? thanks, Wilson P.S. I'm not subscribed here. Can you reply to: research at mclachlan dot com dot au
