Hello,

Scott Bronson wrote:
>> Traffic going over loopback seems to be handled in a special way
>> with the TRACE target.

It's not handled specially /per se/. It's a side effect of how conntrack and NAT work. The conntrack confirm takes place at the end of POSTROUTING, and no new NAT rule can be applied on a confirmed connection. The same applies to packets belonging to an established connection: they all skip the nat chains. The special thing in the loopback path is that there is no need for an input routing decision after PREROUTING. So, what would happen if you could actually DNAT the packet?

> It's considered looped back even though there's never any 127.0.0.1 addresses?

127.0.0.0/8 is reserved for loopback, but loopback is not reserved for 127.0.0.0/8. Any address assigned to a local interface is considered local. Loopback traffic is all that goes through a loopback interface. Check your logs: IN=lo, OUT=lo.
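The log check suggested in the reply above, as an added example that is not part of the original message: it classifies netfilter LOG/TRACE lines by interface rather than by address, so loopback-path packets carrying non-127.0.0.0/8 addresses stand out. The sample lines are constructed, and the interface name `lo` and the helper names are assumptions.

```python
import ipaddress
import re

# Constructed sample lines in the kernel's netfilter LOG/TRACE key=value style.
SAMPLE_LOG = """\
TRACE: raw:OUTPUT:policy:2 IN= OUT=lo SRC=192.168.1.5 DST=192.168.1.5 LEN=60 PROTO=TCP SPT=40000 DPT=80
TRACE: raw:PREROUTING:policy:2 IN=lo OUT= SRC=192.168.1.5 DST=192.168.1.5 LEN=60 PROTO=TCP SPT=40000 DPT=80
TRACE: raw:OUTPUT:policy:2 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 PROTO=TCP SPT=40002 DPT=80
TRACE: raw:OUTPUT:policy:2 IN= OUT=eth0 SRC=192.168.1.5 DST=192.168.1.9 LEN=60 PROTO=TCP SPT=40004 DPT=80
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=value, value may be empty
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_IFACE = "lo"                             # assumption: default Linux name


def parse_fields(line):
    """Return the KEY=value pairs of one log line as a dict."""
    return dict(FIELD.findall(line))


def classify(line):
    """Classify a packet by the interface it crossed, not by its addresses."""
    f = parse_fields(line)
    via_lo = LOOPBACK_IFACE in (f.get("IN"), f.get("OUT"))
    addrs = [ipaddress.ip_address(f[k]) for k in ("SRC", "DST") if f.get(k)]
    in_127 = bool(addrs) and all(a in LOOPBACK_NET for a in addrs)
    if not via_lo:
        return "not loopback"
    # A local, non-127 address on lo is still loopback traffic.
    return "loopback, 127/8 address" if in_127 else "loopback, local non-127 address"


def summarize(log):
    """Classify every non-empty line of a log excerpt."""
    return [classify(l) for l in log.splitlines() if l.strip()]


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG.splitlines(), summarize(SAMPLE_LOG)):
        f = parse_fields(line)
        print(f"IN={f['IN'] or '-':4} OUT={f['OUT'] or '-':4} "
              f"{f['SRC']} -> {f['DST']}: {verdict}")
```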