Hi. Is it possible to catch un-DNAT'ed packets with iptables' -j ULOG target? Where does the un-DNAT occurs and is there table/chain that is processed after un-DNAT? The problem I have is that replay packets got catched with real source address, not the one the client has initially connected to. I was catching replay packets in mangle/POSTROUTING. -- Покотиленко Костик <casper@xxxxxxxxxxxx>
