Hello,
Does anybody have an example of using synproxy with NAT, especially
with Docker containers?
I tried putting this statement in my forward chain, but then nothing
gets through:

    chain forward {
        type filter hook forward priority -1
        tcp dport 443 synproxy mss 1460 wscale 7 timestamp sack-perm
        ct state invalid drop
        policy accept
    }

I would imagine it makes most sense to put it in the prerouting chain,
so it's applied before NAT, but that is apparently not allowed.
Any pointers appreciated.
Thanks,
Devin