> 4) client 192.168.10.100 receives SYN/ACK from 192.168.10.10 and
> discards it, as it matches no connection in the SYN_SENT state
> (recall that our SYN was sent to 1.2.3.4).

Now I get the point of the problem. Well, there was *once* implicit SNAT in netfilter (at least in conjunction with IP_NF_NAT_LOCAL).

> That's why. The proper way to avoid this is to have people on the
> inside connect to 192.168.10.10.
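As an added illustration, not part of the thread, here is a small Python model of the hairpin exchange above: a LAN client connects to the router's public address, the router DNATs to the LAN server, and the client's SYN_SENT lookup either fails (DNAT only, server replies directly on the LAN) or succeeds (DNAT plus SNAT, so the reply returns through the router and is un-NATed). The router's inside address 192.168.10.1 and port 80 are assumed.

```python
# Constructed model of the hairpin (NAT loopback) problem described above.
CLIENT = "192.168.10.100"    # LAN client (from the thread)
SERVER = "192.168.10.10"     # LAN server behind the router (from the thread)
PUBLIC = "1.2.3.4"           # router's public address (from the thread)
ROUTER_LAN = "192.168.10.1"  # router's inside address (assumed)

# A packet is (src_ip, src_port, dst_ip, dst_port, flags).

class Router:
    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # reply 4-tuple -> original (client_ip, client_port)

    def forward(self, pkt):
        src, sport, dst, dport, flags = pkt
        if dst == PUBLIC and dport == 80:
            # DNAT the public address to the server; with SNAT the source
            # also becomes the router, so the reply must come back through it.
            new_src = ROUTER_LAN if self.snat else src
            self.conntrack[(SERVER, 80, new_src, sport)] = (src, sport)
            return (new_src, sport, SERVER, 80, flags)
        key = (src, sport, dst, dport)
        if key in self.conntrack:
            # Reverse translation of the reply: restore public source
            # and original client destination.
            orig_ip, orig_port = self.conntrack[key]
            return (PUBLIC, 80, orig_ip, orig_port, flags)
        return pkt

def hairpin(snat):
    """Return 'ESTABLISHED' or 'DISCARDED' for the client's SYN/ACK check."""
    router = Router(snat)
    # 1) client sends SYN to the public address and records SYN_SENT
    client_state = {(PUBLIC, 80, 40000): "SYN_SENT"}
    syn_in = router.forward((CLIENT, 40000, PUBLIC, 80, "SYN"))
    # 2) server answers with SYN/ACK by swapping the addresses it saw
    src, sport, dst, dport, _ = syn_in
    synack = (dst, dport, src, sport, "SYN/ACK")
    # 3) a reply addressed to the router is un-NATed; otherwise the server
    #    delivers it straight to the client on the shared LAN segment
    if synack[2] == ROUTER_LAN:
        synack = router.forward(synack)
    # 4) client matches (peer_ip, peer_port, local_port) against SYN_SENT
    key = (synack[0], synack[1], synack[3])
    return "ESTABLISHED" if client_state.get(key) == "SYN_SENT" else "DISCARDED"
```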