Some years ago when I asked Rusty about SNAT in PREROUTING, his answer was that it'd confuse the routing. I still don't know what exactly the problem could be, though. This is where the thread starts: http://lists.netfilter.org/pipermail/netfilter/2001-May/010686.html Ramin On Tue, Dec 23, 2003 at 06:44:48PM -0500, John A. Sullivan III wrote: > For the ISCS project, we need to be able to change the source address > of a packet before a routing decision is made. It would appear that the > SNAT target can only be used in the POSTROUTING nat table chain. As we > mentioned in an earlier post, we are facing some complications when > trying to do this with iproute2. Is there any other way to change the > source address (especially if we can do it statefully) in the PREROUTING > chains of either mangle of nat? Thanks - John > -- > John A. Sullivan III > Chief Technology Officer > Nexus Management > +1 207-985-7880 > john.sullivan@xxxxxxxxxxxxx > --- > If you are interested in helping to develop a GPL enterprise class > VPN/Firewall/Security device management console, please visit > http://iscs.sourceforge.net >
