Hi Pablo,
Thanks a lot for the help.
I did a test replacing the DNS service dnscrypt-proxy with bind9 and the rule worked.
I asked on the dnscrypt-proxy forum and nobody knows.
The service is configured to listen on [any] and works without port
redirection. If I apply the rule, it stops listening on IPv6. IPv4 works
perfectly.
Very strange. I will continue with bind9 for now. Thanks a lot for the help.
Bruno.
On 05/10/2022 19:25, Pablo Neira Ayuso wrote:
Could you check if packets are being marked as invalid by conntrack?
In such a case, packets get no conntrack entry attached, and NAT
cannot be applied.