On Sat 31/01/2004 at 20:22, Carl Farrington wrote:
> Guess I should read up on netfilter quite a bit more. So the state table
> is an automagic thing that re-writes the return packets.. thanks.

Yes, because deNAT is handled through conntrack, prior to anything else.
Netfilter's NAT is very bound to conntrack as you can see. That's why
unNATing rules are not necessary.

Moreover, once a packet has been NATed, no other packet belonging to this
very connection will go through the nat table. Which means you only see
the very first packet of each connection in the nat table.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
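
The behaviour described in the message above, as an added example that is not part of the original post and is not kernel code: a toy Python model in which the nat rules are consulted only for the first packet of a connection and replies are rewritten from conntrack state alone. The class names, the DNAT rule and all addresses are constructed for illustration.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

    def reversed(self):
        # Same connection seen from the other direction.
        return Flow(self.dst, self.dport, self.src, self.sport)

class ToyConntrack:
    """Toy stand-in for conntrack plus the nat table (assumption, not the real API)."""

    def __init__(self, dnat_rules):
        self.dnat_rules = dnat_rules  # {(dst, dport): (new_dst, new_dport)}
        self.table = {}               # tuple as seen on the wire -> rewritten tuple
        self.nat_table_hits = 0       # packets that actually traversed the nat rules

    def process(self, pkt):
        # Packet of a tracked connection, either direction: conntrack rewrites
        # it and the nat rules are never evaluated.
        if pkt in self.table:
            return self.table[pkt]
        # First packet of a new connection: the only one the nat rules see.
        self.nat_table_hits += 1
        target = self.dnat_rules.get((pkt.dst, pkt.dport), (pkt.dst, pkt.dport))
        out = Flow(pkt.src, pkt.sport, *target)
        self.table[pkt] = out                        # original direction
        self.table[out.reversed()] = pkt.reversed()  # reply direction: automatic de-NAT
        return out

def demo():
    # Constructed rule: DNAT 203.0.113.10:80 to internal host 192.168.1.20:8080.
    ct = ToyConntrack({("203.0.113.10", 80): ("192.168.1.20", 8080)})
    first = Flow("198.51.100.7", 40000, "203.0.113.10", 80)
    forwarded = ct.process(first)             # NATed by the rule
    reply = ct.process(forwarded.reversed())  # server's answer, no rule needed
    ct.process(first)                         # later packet, same connection
    return forwarded, reply, ct.nat_table_hits

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The reply leaves with source 203.0.113.10:80 although no reverse rule exists, and the hit counter stays at 1 across three packets.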