Steven Kath wrote:
>
> Unless I'm mistaken, the "inverse NAT" is part of the conntrack set of
> functions.

Unless I'm mistaken, the direct and inverse NAT are performed in the nat hooks, called after the mangle chains. Destination NAT is performed in the PRE_ROUTING or LOCAL_OUT (OUTPUT) hook, and source NAT is performed in the POST_ROUTING or LOCAL_IN (INPUT) hook.

> The conntrack table contains both the pre-NAT and post-NAT
> address:port pairings,

Yes, but AFAIK this is only used for connection tracking purposes, so that packets in the original and reply directions can be related to the conntrack entry.