On Sun, 2004-09-19 at 13:10, darmian martinez wrote: > Alex, > > It's doesn't work because NAT rules applies only to new connections, and > the icmp reply packet is part of an "virtual" established connection. > This is my original question, how to make a rule that make a NAT to > a packet that belong to already established connection. > > thanks you. not an answer, but a hint... if you need to fiddle with packets that are replies to established connections--investigate the capabilities of the RAW table patch from POM and its NOTRACK capabilities. -j -- Jason Opperisano <opie@xxxxxxxxxxx>
