Re: topic local connections getting natted

Hi all

I've tried to include -i eth1 on POSTROUTING, but it seems not to accept an input interface specification on the POSTROUTING
chain, so I can't separate local packets from forwarded packets by inspecting that.

I'm going to try marking local packets on the FILTER::OUTPUT chain so they get ignored on the POSTROUTING chain.

Which chain should I use for this, NAT::OUTPUT or FILTER::OUTPUT, so it's seen before NAT::POSTROUTING?

On Wednesday, 4 February 2004 06:54, prabha wrote:
> Hi
>
> >     185K 8942K SNAT       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           to:1.2.3.4
>
> This rule will change the source address of all the packets going out of
> the eth0 interface. (Irrespective of whether they are local packets or
> forwarded packets)
>
> >I thought this happened only if you create such rule on NAT::output so local
> >connections get natted prior to go out of the box.
>
> The NAT:OUTPUT chain will do a NAT for local packets (ie) packets
> generated by the local machine.
>
> >Should I change this to:
> >-t nat -A POSTROUTING -i eth1 -o eth0 -j SNAT --to-destination:1.2.3.4
> >to avoid local packets getting natted?
>
> Yes, this should work.
>
> >and last question:
> >All packets leaving routing code (local, forwarded) pass through
> >POSTROUTING chain at nat table or only forwarded packets?
>
> Yes, all the packets will pass through the POSTROUTING chain.
>
> Prabha
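
Added example, not part of the original thread: one way to build the mark-based exemption discussed above, plus a check for the interface match that POSTROUTING rejects. The MARK target is only valid in the mangle table, and mangle OUTPUT is traversed before nat POSTROUTING; the function names and the mark value 0x1 are assumptions, while eth0 and 1.2.3.4 are the values quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the mark value 0x1
# are assumptions; eth0 and 1.2.3.4 are the values quoted in the thread.

# Print an iptables-restore ruleset that SNATs only unmarked traffic.
# Locally generated packets traverse mangle OUTPUT before nat POSTROUTING,
# so a mark set there is visible to the SNAT rule. Forwarded packets never
# enter OUTPUT, keep mark 0 and are therefore still translated.
# usage: snat_ruleset <wan_if> <snat_ip> <mark>
snat_ruleset() {
    cat <<EOF
*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o $1 -j MARK --set-mark $3
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $1 -m mark ! --mark $3 -j SNAT --to-source $2
COMMIT
EOF
}

# Return 0 if a rule's interface match is legal for its chain, 1 otherwise.
# iptables rejects -i in OUTPUT and POSTROUTING (no input interface exists
# at those hooks) and -o in PREROUTING and INPUT.
# usage: rule_iface_ok "<rule text>"
rule_iface_ok() {
    case "$1" in
        *"-A POSTROUTING"*" -i "*|*"-A POSTROUTING"*" --in-interface "*) return 1 ;;
        *"-A OUTPUT"*" -i "*|*"-A OUTPUT"*" --in-interface "*) return 1 ;;
        *"-A PREROUTING"*" -o "*|*"-A PREROUTING"*" --out-interface "*) return 1 ;;
        *"-A INPUT"*" -o "*|*"-A INPUT"*" --out-interface "*) return 1 ;;
    esac
    return 0
}

# Print the ruleset for review, e.g.:
#   sh snat.sh print | iptables-restore --test
case "${1:-}" in
    print) snat_ruleset eth0 1.2.3.4 0x1 ;;
esac
```

Without `--noflush`, `iptables-restore` replaces the existing contents of the mangle and nat tables, so merge these lines into the full ruleset before loading them.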



