Hello!

> > -A PREROUTING -s 192.168.0.0/16 -d 192.168.1.1 -j ACCEPT
> >
> > Shouldn't all packets, including ICMP packets, get passed through to
> > 192.168.1.1 if originating from the local network?
>
> Not necessarily.
> Even if you pass the packet in nat table, you still might drop it in
> filter table. I know the ACCEPT target may be used in every (?) table,
> but it's a matter of good practice to filter packets in filter tables
> and nat in nat tables and so on. So I would suggest moving this from nat
> table to filter table and from PREROUTING to FORWARD.

Good point... I'll do just that. Thanks!!

BTW, where can I find out more about "good practices"?