How multiple PCs on private LAN possible if incoming is DNAT'd to *same* server *always*?


 



I got an iptables script for a NAT-ing firewall that
forwards packets between Internet and a private LAN.

All incoming packets are destination NAT'd to end up
at a single server on the private LAN.

**I don't understand how ANY packets can ever arrive
at ANY other PC on the private LAN since they
are ALL destination NAT'd to go to same private server IP
address!?!?**

If some arbitrary client on private LAN wants to visit
a web page, somehow his traffic arrives back at himself
without any specific NAT rules to get packets to him!??

I know it has something to do with ESTABLISHED,RELATED
state ACCEPT-ing rules but this has always confused me.

Do you understand the question?

Any help greatly appreciated.

Sincerely,

Chris
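
An added example, not part of the original post: a toy Python model of how netfilter connection tracking handles the setup described above. The nat table is consulted only for the first (NEW) packet of a connection, while replies are matched against the conntrack table and translated back automatically. All addresses, ports and the NatFirewall class are constructed for illustration.

```python
# Toy model of connection tracking on a NAT-ing firewall (all values constructed).
PUBLIC_IP = "198.51.100.1"    # assumed Internet-facing address of the firewall
DNAT_SERVER = "192.168.1.10"  # assumed server that NEW inbound traffic is DNAT'd to


class NatFirewall:
    def __init__(self):
        # Key: the reply tuple as seen on the Internet side.
        # Value: the LAN endpoint that opened the connection.
        self.conntrack = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> Internet. The first packet is NEW, so the source NAT rule
        runs once and the mapping is recorded. Simplification: the source
        port is kept; a real firewall may remap it on a collision."""
        reply_tuple = (dst_ip, dst_port, PUBLIC_IP, src_port)
        self.conntrack[reply_tuple] = (src_ip, src_port)
        return (PUBLIC_IP, src_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internet -> firewall. Returns (state, final_dst_ip, final_dst_port)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.conntrack:
            # Reply to a tracked connection: reverse translation is applied
            # from the conntrack entry; the DNAT rule is never evaluated.
            lan_ip, lan_port = self.conntrack[key]
            return ("ESTABLISHED", lan_ip, lan_port)
        # No entry: this packet starts a new connection, so the DNAT rule
        # applies and it goes to the single server.
        return ("NEW", DNAT_SERVER, dst_port)


if __name__ == "__main__":
    fw = NatFirewall()
    # A LAN client opens a web connection.
    print(fw.outbound("192.168.1.50", 40000, "203.0.113.10", 80))
    # The web server's reply is sent back to that client, not the DNAT server.
    print(fw.inbound("203.0.113.10", 80, PUBLIC_IP, 40000))
    # An unsolicited connection from the Internet is DNAT'd to the server.
    print(fw.inbound("203.0.113.99", 5555, PUBLIC_IP, 80))
```

In this model the ESTABLISHED,RELATED ACCEPT rule corresponds to the filter step that lets the already-translated reply through; the translation itself comes from the conntrack entry.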

