On Tuesday 17 February 2004 7:29 pm, Ben Goedeke wrote:
> To make the move as painless as possible for the users I want to keep
> the DNAT rules for a while (and point them to the new IP of the mail
> servers).
>
> Now for my question: Do I need to add an SNAT rule in POSTROUTING to
No.
> handle responses from the mail servers or is it enough to have the DNAT
> rules in PREROUTING?
Yes.
> And if I indeed need an SNAT rule how can I
> possibly distinguish packets that belong to connections that were DNATed
> when they came in and those that weren't and had the right destination
> IP all along?
No problem (see above).
Regards,
Antony.
--
What makes you think I know what I'm talking about?
I just have more O'Reilly books than most people.
Please reply to the list;
please don't CC me.
