> Why would NATing in both PREROUTING and POSTROUTING
> work **only** when I watch it with tcpdump and not work otherwise?

I should be more clear. The problem is with internal users looking at internally hosted web and ftp sites using the public IP Addresses. The way you do this is, DNAT the packet in PREROUTING and then MASQUERADE the packet in POSTROUTING. The technique is documented in a howto someplace and I've been doing it for several years at several sites. At this particular site, all worked fine until I replaced the old firewall with a new one. Now it only works properly when I watch the conversation with tcpdump. I'm not making this up.

- Greg Scott
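
The DNAT-in-PREROUTING plus MASQUERADE-in-POSTROUTING arrangement described in the message above, written out as an added example that is not part of the original post. The function name `hairpin_rules`, the addresses (192.168.1.0/24 LAN, 192.0.2.10 public IP, 192.168.1.20 internal server) and the ports are constructed placeholders, not values from the poster's firewall.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment for NAT reflection
# (LAN clients reaching an internal server through its public IP).
# Every address and port used here is a constructed placeholder.

# usage: hairpin_rules LAN_CIDR PUBLIC_IP SERVER_IP PORT [PORT...]
hairpin_rules() {
    [ "$#" -ge 4 ] || {
        echo "usage: hairpin_rules LAN_CIDR PUBLIC_IP SERVER_IP PORT..." >&2
        return 2
    }
    lan=$1; pub=$2; srv=$3; shift 3

    # Validate every port before printing anything, so a bad argument
    # never yields a half-written ruleset.
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "bad port: $p" >&2
            return 2
        }
    done

    echo "*nat"
    for p in "$@"; do
        # PREROUTING: a LAN client addressed the public IP; rewrite the
        # destination to the internal server.
        echo "-A PREROUTING -s $lan -d $pub -p tcp --dport $p -j DNAT --to-destination $srv"
        # POSTROUTING: rewrite the source to the firewall's address so the
        # server replies via the firewall, where conntrack reverses both
        # translations. Without it the server answers the client directly
        # from an address the client never contacted.
        echo "-A POSTROUTING -s $lan -d $srv -p tcp --dport $p -j MASQUERADE"
    done
    echo "COMMIT"
}

# Constructed sample: web and FTP control ports.
hairpin_rules 192.168.1.0/24 192.0.2.10 192.168.1.20 80 21
```

The output is in `iptables-restore` format; piping it to `iptables-restore --noflush` appends the rules to the running nat table without clearing existing ones.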