Hello,

Benedikt Gollatz wrote:
> That's absolutely true. The rule from the FAQ is meant to replace your original rule, exempting proto-41 traffic from masquerading and thus connection tracking.
This idea is totally wrong. Not masquerading a connection has no influence on whether it is tracked or not. As soon as conntrack is enabled (and it is necessary for NAT/masquerading), all connections are tracked. The only way to prevent a connection from being tracked is to use the NOTRACK target in the 'raw' table, which is not available in standard 2.4 kernels.
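Added example, not part of the original message: a shell sketch of the point made in the reply, showing the `raw`-table NOTRACK rules for protocol 41 and a check that counts protocol-41 entries in a conntrack listing. The function names, the addresses and the sample table are constructed for illustration, and the listing is assumed to be in the `/proc/net/ip_conntrack` layout (protocol number in the second field).

```shell
#!/bin/sh
# Added illustration; names, addresses and sample data are constructed.

# Emit the rules that exempt IP protocol 41 (6in4) from connection tracking.
# They need the 'raw' table and the NOTRACK target, so they only work on a
# kernel that provides both. Printed rather than executed: applying needs root.
notrack_rules() {
    # PREROUTING sees packets arriving on any interface,
    # OUTPUT sees locally generated packets.
    for chain in PREROUTING OUTPUT; do
        echo "iptables -t raw -A $chain -p 41 -j NOTRACK"
    done
}

# Count tracked entries for one IP protocol number in a conntrack listing
# read from stdin (assumed /proc/net/ip_conntrack layout: field 2 = protocol).
count_tracked() {
    awk -v proto="$1" '$2 == proto { n++ } END { print n + 0 }'
}

# Constructed sample listing. The protocol-41 flow is not NATed (its reply
# tuple is the plain mirror of the original tuple), yet it still has an
# entry: skipping MASQUERADE did not stop it from being tracked.
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40000 dport=80 src=198.51.100.7 dst=203.0.113.2 sport=80 dport=40000 [ASSURED] use=1
unknown  41 598 src=203.0.113.2 dst=192.0.2.1 src=192.0.2.1 dst=203.0.113.2 use=1
udp      17 25 src=192.168.1.10 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=203.0.113.2 sport=53 dport=5353 use=1
EOF
}

echo "proto-41 entries still tracked: $(sample_table | count_tracked 41)"
echo "rules that would stop the tracking:"
notrack_rules
```

On a live system, feeding the real conntrack table to `count_tracked 41` before and after applying the printed rules shows whether the exemption took effect; entries created earlier remain until they time out.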