Thanks for the pointer, it's working now. It was indeed the SNAT that was missing.

-- R.

On 8/4/05, curby . <curby.public@xxxxxxxxx> wrote:
> On 8/4/05, Ricardo J. Méndez <mendezster@xxxxxxxxx> wrote:
> > But I'm testing this from a desktop on the network, not the firewall
> > itself. PREROUTING should apply to those packets, correct?
>
> In that case, the problem you're seeing is exactly that which is
> discussed in the HOWTO link I posted last time. It's also explained
> by Jason's link. The idea is that packets TO the server are indeed
> being correctly mangled by the router, but return packets go directly
> from server to client. The client expects the reply from the router,
> sees some spurious traffic from the server, and drops the traffic.
>
> The netfilter list sees some variation of this question once every
> week or so. You're definitely not alone. =)
>
> Another attempt to explain it:
> https://lists.netfilter.org/pipermail/netfilter/2005-July/061636.html
>

--
Ricardo J. Méndez
http://ricardo.strangevistas.net/
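
The packet flow described in the quoted reply, traced as an added example that is not part of the original thread: a LAN client contacts the router's public address, first with DNAT only, then with DNAT plus SNAT. All addresses and the trace() helper are constructed for illustration; this models the address rewriting only, not real netfilter code.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str

# Constructed addresses for illustration (not taken from the thread).
CLIENT = "192.168.1.10"        # LAN desktop
SERVER = "192.168.1.20"        # LAN server behind the DNAT rule
ROUTER_LAN = "192.168.1.1"     # router's LAN-side address
ROUTER_PUBLIC = "203.0.113.5"  # address the DNAT rule matches

def trace(snat: bool) -> dict:
    """Follow one request and its reply; report whether the client accepts it."""
    request = Packet(CLIENT, ROUTER_PUBLIC)
    # PREROUTING: DNAT rewrites the destination to the internal server.
    forwarded = request._replace(dst=SERVER)
    if snat:
        # POSTROUTING: SNAT rewrites the source to the router itself.
        forwarded = forwarded._replace(src=ROUTER_LAN)
    # conntrack keys the expected reply tuple to the original request.
    conntrack = {Packet(forwarded.dst, forwarded.src): request}
    # The server answers whatever source address it saw.
    reply = Packet(SERVER, forwarded.src)
    # Same subnet: a reply addressed to the client is delivered directly and
    # never reaches the router, so the translation is never undone.
    via_router = reply.dst == ROUTER_LAN
    if via_router:
        original = conntrack[reply]
        reply = Packet(original.dst, original.src)
    # The client only accepts a reply from the address it contacted.
    accepted = reply == Packet(request.dst, request.src)
    return {"reply": reply, "via_router": via_router, "accepted": accepted}

if __name__ == "__main__":
    for snat in (False, True):
        print("DNAT+SNAT" if snat else "DNAT only", trace(snat))
```

With DNAT only, the reply reaches the client with the server's address as its source and is dropped; with SNAT added, the reply passes back through the router and arrives from the address the client originally contacted.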