>On Thu, Apr 29, 2010 at 6:07 PM, <billprozac@xxxxxxxxx> wrote:
> The echo-reply does not.
>
> On Apr 29, 2010 2:25am, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote:
>> >>the outgoing echo-reply matches to it and thus does
>>
>> > not show up in nat OUTPUT/POSTROUTING.
>>
>>
>>
>> Does echo reply will show up in nat PREROUTING chain ?
>>
>>
>>
>> Thanks,
>>
>> Ratheesh
Is icmp different from other protocol packets ?
My understanding is : - { In a router } whenever a packet hits
PREROUTING chain , a tuple is created and state is made NEW by
conntrack module . When the packet goes out of POSTROUTING chain,
install original and reply direction tuples in hash table . When
reply packet comes back and hits PREROTUING chain , state is made
ESTABLISHED .
So , in icmp , whenever request goes out itself , state will be made
ESTABLISHED ???
Thanks,
Ratheesh
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
