I haven't tried it, but maybe you can use the LOG target in PRE/POSTROUTING. You will see which source and destination the packets have.
Willi
--__--__--
Message: 5
Date: Tue, 25 Feb 2003 16:59:57 +0000 (GMT)
From: "J. A. Landamore" <jal@mcs.le.ac.uk>
Reply-To: "J. A. Landamore" <jal@mcs.le.ac.uk>
Subject: De-SNAT-ing and DNAT
To: netfilter@lists.netfilter.org
Please excuse my ignorance with this, but I'm trying to pick the bones out of an iptables configuration that has been dropped in my lap.
I have a LAN of machines on a 192.168. network with an iptables box to the real world. If I apply SNAT I can map all the internal addresses to the one real-world-facing assigned address. I assume that when packets come back they are "de-SNAT"ed before passing back onto the private LAN, and that this happens in the "PREROUTING" path. My question is, does the "de-SNAT" happen before or after the "PREROUTING" DNAT?
Why? Because I need to make a DNAT decision based on the original _source_ address, i.e. which machine originally sourced the packet.
Thanks for your help
John Landamore