Jan Engelhardt wrote: >> Is it possible to know if a packet passing through my router is (s)natted? > > I think `-m conntrack --ctstate SNAT` should do that. > >> And the original (s)natted IP? > > For userspace there's a getsockopt() call that you can use to find out. That getsockopt() interface is deprecated. If you're in userspace, better use the libnetfilter_conntrack library. It has a function to check if a conntrack has been snatted. -- The dawn of the fourth age of Linux firewalling is coming; a time of great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris