Unless you have NOTRACK in the raw table to specifically turn off connection tracking for forwarding traffic, it is by default still being tracked, and the DNAT/SNAT auto match will still be in effect.

On Thu, Jun 28, 2012 at 10:49 AM, Stefan Bauer <stefan.bauer@xxxxxxxxxxx> wrote:
>
> -----Original Message-----
> From: Thomas Bätzler <t.baetzler@xxxxxxxxxx>
> Sent: Thu 28.06.2012 19:44
> Subject: AW: general question about DNAT-rule
> To: netfilter@xxxxxxxxxxxxxxx;
> CC: Stefan Bauer <stefan.bauer@xxxxxxxxxxx>;
>
> > Stefan Bauer asked:
> > > This is done internally, right? Hence I don't see such a rule in the
> > > iptables -t nat -vnL output?
> >
> > Have a look at /proc/net/ip_conntrack, or better yet, install the conntrack
> > utility.
>
> Ok - so it is handled internally. Can I sum this up and keep in mind the following?
>
> A single DNAT-rule is enough on a router to have bi-directional traffic as the required "SNAT-magic"
> is automatically done.
>
> A DNAT and SNAT-rule is required on a device to forward packages to another device because answer packages will not flow through the first device as it is not in the middle like a router?
>
> Thank you very much for clarification.
>
> Stefan
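
Added example, not part of the original thread: a small Python parser for entries in the /proc/net/ip_conntrack text layout, showing that the reverse translation for a DNAT rule is recorded in the reply tuple of the tracked connection rather than as a second rule. The sample lines and all addresses in them are constructed for illustration.

```python
import re

# Constructed sample entries in /proc/net/ip_conntrack layout (addresses made up):
# 1) inbound connection rewritten by a DNAT rule, 2) outbound flow with SNAT,
# 3) plain forwarded connection with no translation.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.1 sport=51512 dport=80 packets=12 bytes=1400 src=192.168.1.10 dst=198.51.100.7 sport=8080 dport=51512 packets=10 bytes=9000 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.20 dst=9.9.9.9 sport=40000 dport=53 packets=1 bytes=60 src=9.9.9.9 dst=203.0.113.1 sport=53 dport=40000 packets=1 bytes=120 mark=0 use=1
tcp      6 100 ESTABLISHED src=192.168.1.20 dst=192.168.1.10 sport=40100 dport=22 packets=5 bytes=500 src=192.168.1.10 dst=192.168.1.20 sport=22 dport=40100 packets=5 bytes=700 [ASSURED] mark=0 use=1
"""

# Each entry carries two tuples: the original direction, then the expected reply.
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def classify(line):
    """Return (proto, original, reply, kinds) for one entry, or None."""
    tuples = TUPLE.findall(line)
    if len(tuples) != 2:  # e.g. ICMP entries (no ports) or a malformed line
        return None
    (o_src, o_dst, o_sp, o_dp), (r_src, r_dst, r_sp, r_dp) = tuples
    kinds = []
    # Replies come from somewhere other than the original destination: DNAT.
    if (r_src, r_sp) != (o_dst, o_dp):
        kinds.append("DNAT")
    # Replies are addressed to something other than the original source: SNAT.
    if (r_dst, r_dp) != (o_src, o_sp):
        kinds.append("SNAT")
    return line.split()[0], tuples[0], tuples[1], kinds


def nat_entries(text):
    """Return only the entries whose reply tuple shows a translation."""
    entries = []
    for line in text.splitlines():
        entry = classify(line)
        if entry and entry[3]:
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for proto, orig, reply, kinds in nat_entries(SAMPLE):
        print(proto, "+".join(kinds), "original", orig, "reply", reply)
```
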