Hi,

On Fri, Jan 10, 2014 at 12:02 AM, Chris Frederick <cdf123@xxxxxxxxxx> wrote:
> When you say "established connection" are you talking TCP level established
> connection, or is this from conntrack identifying the connection? I guess
> what I'm asking is if doing a NOTRACK in raw would allow the packets through
> and still pass through nat/POSTROUTING?

Sorry for not being accurate, I meant established as in an established mapping. If you use NOTRACK, I believe packets skip conntrack and thereby the NAT table altogether.

> I did see that they are hitting the POSTROUTING chain in the mangle table,
> but I can't SNAT from there. Does xtables-addons provide this? I'll
> probably start looking there.

Yes, xtables-addons used to provide this in the RAWDNAT/SNAT targets. I am not sure why they were removed, but the modules compile fine so keeping an out-of-tree patch is no problem, at least for now.

-Kristian