David Leangen napisał(a):
Could somebody please confirm whether or not I'm doing this right?
I am using, in my nat table:
-A PREROUTING -s 192.168.0.0/16 -d 192.168.1.1 -j ACCEPT
Shouldn't all packets, including ICMP packets, get passed through to
192.168.1.1 if originating from the local network?
Not necesarily.
Even if you pass the packet in nat table, you still might drop it in
filter table. I know the ACCEPT target may be used in every (?) table,
but it's a matter of good practice to filter packets in filter tables
and nat in nat tables and so on. So I would suggest moving this from nat
table to filter table and from PREROUTING to FORWARD.
