On Sun, 2012-01-01 at 11:12 -0600, Lloyd Standish wrote:
> I would like to know why SNAT without packet marking drops the
> connections for interfaces that have "upstream NAT," while the fwmark
> method succeeds.

I can't answer this, but on your other comment...

> As a related aside, I'd appreciate comments on whether or not the "-p
> tcp" in the following example rule is advisable (I omitted "-p tcp"
> from my SNAT rules.):
>
> iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to-source 194.236.50.155

Well, I never put a -p tcp in SNAT for any of my configurations. I'm not
sure why you would want to limit SNAT to just TCP?

Andy
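
An added example, not part of the original message and not netfilter project code: a shell function that scans `iptables-save` output for nat POSTROUTING SNAT/MASQUERADE rules carrying a protocol match such as the `-p tcp` discussed above. Traffic of other protocols does not match such a rule and is not translated by it. The function names and the sample ruleset (apart from the rule quoted in the message) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report source-NAT rules that are limited to one protocol.
# Reads iptables-save format on stdin, prints "<proto> <rule>" per hit.
snat_proto_limited() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            target = ""; proto = ""
            for (i = 3; i <= NF; i++) {
                if (($i == "-j" || $i == "--jump") && i < NF)
                    target = $(i + 1)
                if (($i == "-p" || $i == "--protocol") && i < NF) {
                    proto = $(i + 1)
                    if ($(i - 1) == "!") proto = "!" proto   # negated match
                }
            }
            if ((target == "SNAT" || target == "MASQUERADE") &&
                proto != "" && proto != "all")
                print proto, $0
        }
    '
}

# Constructed sample ruleset. Only the eth0 rule comes from the message;
# the other addresses are documentation-range placeholders.
sample_rules() {
    cat <<'EOF'
*filter
-A FORWARD -p tcp -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth0 -p tcp -j SNAT --to-source 194.236.50.155
-A POSTROUTING -o eth1 -j SNAT --to-source 192.0.2.10
-A POSTROUTING -o eth2 -p udp -j MASQUERADE
COMMIT
EOF
}

# Lists the eth0 (tcp) and eth2 (udp) rules; the eth1 rule covers all protocols.
sample_rules | snat_proto_limited
```

On a live host the same function can be fed with `iptables-save -t nat | snat_proto_limited`.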