On Wednesday 2011-07-27 09:44, Olshvang, LevX wrote:
>Hi all,
>
>I am porting DD-WRT port trigger implementation taken from DDWRT
>project. The logic of port trigger says: wait for somebody from LAN
>(br0 interface) to send tcp packet to port 6889 to Internet peer. Then
>Internet peer replies by sending packet to related port 9881 and
>firewall makes dnat translation.

DDWRT's xtables stack was left behind 3 years ago and then
agglomerated with weird extra components with questionable uses,
including, but not limited to, ipt_TRIGGER, which is not even
documented to begin with, so chances for any explanations are
quite dim.

>The last command inserts rule into nat table, and the trigger
>implementation code gives an error if a mangle table is used instead.
>The question is why?