Re: how to ignore forwarded traffic?

Hello, Sven.

Seems OK, but you should add
  iptables -t raw -A OUTPUT -j CT --notrack
to prevent tracking of the locally originated traffic.

2014-04-21 19:45 GMT+04:00 Sven Köhler <sven.koehler@xxxxxxxxx>:
> On 21.04.2014 17:56, Sven Köhler wrote:
>> I now have the following three rules:
>>
>> iptables -t raw -A PREROUTING -d <router-ip> -j CT
>> iptables -t raw -A PREROUTING -s <router-ip> -j CT
>> iptables -t raw -A PREROUTING -j CT --notrack
>
> Correction:
> iptables -t raw -A PREROUTING -d <router-ip1> -j CT
> iptables -t raw -A PREROUTING -d <router-ip2> -j CT
> iptables -t raw -A PREROUTING -j CT --notrack
> (again no rules in the OUTPUT chain of the raw table)



-- 
Anton.