On Tue, January 18, 2005 3:52 pm, Ulysses Almeida said: > Hmm. the NAT/SNAT is working fine, when I recive the SMTP answer > (LOG on PREROUTING and INPUT of filter, nat and mangle) the packet > arrives with the correct ip on dst addr. But I can only see it, on > mangle PREROUTING, but can't on other hooks. I don't know if it is > related with some sanity check or checksum.... > > That's another doubt, dos nat PREROUTING called with syn+ack > packets, or only with sym packets? the nat table is special, it only sees the first packet of a connection. All other subsequent packet of this connection get verdict via the conntrack. (bypass NAT chains) > > -- > - Ulysses Almeida > > Samuel
