This is one way, but isn't there a more graceful way other than putting duplicate entries in NAT POSTROUTING & mangle POSTROUTING. Thanks On 10/16/06, Gáspár Lajos <swifty@xxxxxxxxxxx> wrote:
Kamal írta: > On 10/15/06, Martijn Lievaart <m@xxxxxxx> wrote: > >> Create a seperate rule in FORWARD that jumps to an empty chain. Put this >> rule before the -m state rule(s). > > I will try to guess that by FORWARD you mean the filter FORWARD chain > (as opposed to mangle FORWARD), & the empty chain that you're > referring to is a user-defined chain, > but I didn't get what you eman by "the -m state rule" since in my > example I didn't use the state module. > > But in any case, doesn't the FORWARD chain only accounts for forwarded > packets through the machine. What about locally generated packets? > > Thanks > Maybe you can use the mangle POSTROUTING chain... Swifty
