Ok, I found an answer here:
http://marc.info/?l=linux-net&m=121250207920447&w=2

Ludovico Cavedon wrote:
> I am not even sure:
> - why does the packet go through ip netfilter when it is traversing the
> bridge? I would expect it to be forwarded at link level from vif246.0 to
> brveth0. Then I would expect it to come out from eth0 and go through
> netfilter.
>
> Is there a way to avoid the first evaluation of POSTROUTING, or at least
> have it evaluated also after forwarding from veth0 to eth0?

echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables

fixes my problem.

Still, I am not sure why nat POSTROUTING is evaluated only once...

Thanks,
Ludovico