Re: NAT PREROUTING chain ignored on returning traffic ??


 



Zoilo wrote:
So why does a returning packet not travel through the NAT PREROUTING chain, whereas a new incoming ping does travel through the NAT PREROUTING chain? Both packets have exactly the same destination, huh?

The nat table is used to set up the nat mappings for a connection. Since the nat mappings do not change throughout the life of the connection, this is only done for the first packet in the connection. Therefore, the nat table will only see packets that have a state of NEW or RELATED.

For further evidence of this, notice that the outgoing packet in II)
goes through the nat OUTPUT and POSTROUTING chains, but the outgoing
packet in I) does not.

--
Philip Craig - philipc@xxxxxxxxxxxx - http://www.SnapGear.com
SnapGear - Custom Embedded Solutions and Security Appliances
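
The behaviour described in the reply above can be seen in a toy model. This is an added example, not part of the original post and not kernel code. The `NatBox` class, its rule dictionaries and the documentation-range addresses are constructed for illustration, and the model treats connection state as just NEW or ESTABLISHED.

```python
class NatBox:
    """Toy model of conntrack plus the nat table on a NAT gateway."""

    def __init__(self, dnat=None, snat=None):
        self.dnat = dnat or {}        # nat PREROUTING rules: dst -> new dst
        self.snat = snat or {}        # nat POSTROUTING rules: src -> new src
        self.conntrack = {}           # (src, dst) on arrival -> rewritten (src, dst)
        self.prerouting_hits = 0      # times the nat PREROUTING chain was traversed

    def route(self, src, dst):
        """Return (state, src, dst) for one packet after address rewriting."""
        known = self.conntrack.get((src, dst))
        if known is not None:
            # Packet belongs to a tracked connection: the stored mapping is
            # reused and the nat chains are not consulted at all.
            return ("ESTABLISHED", *known)
        # First packet of a connection: the nat rules are evaluated once.
        self.prerouting_hits += 1
        new_dst = self.dnat.get(dst, dst)
        new_src = self.snat.get(src, src)
        # Store the mapping for the original direction and its inverse,
        # so replies are un-NATed without touching the nat table again.
        self.conntrack[(src, dst)] = (new_src, new_dst)
        self.conntrack[(new_dst, new_src)] = (dst, src)
        return ("NEW", new_src, new_dst)


def demo():
    # Constructed scenario: inside host 192.168.1.10 is source-NATed
    # to the gateway's public address 198.51.100.1.
    box = NatBox(snat={"192.168.1.10": "198.51.100.1"})
    out = box.route("192.168.1.10", "203.0.113.5")    # outgoing ping
    hits_out = box.prerouting_hits
    reply = box.route("203.0.113.5", "198.51.100.1")  # returning reply
    hits_reply = box.prerouting_hits
    fresh = box.route("203.0.113.9", "198.51.100.1")  # unrelated new ping
    return out, hits_out, reply, hits_reply, fresh, box.prerouting_hits


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The reply and the unrelated ping carry the same destination address, but only the unrelated ping increments the PREROUTING counter, because it has no conntrack entry yet.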


