unless you have NOTRACK in raw table to specific turned off connection
tracking for forwarding traffic, it be default still being tracked and
DNAT/SNAT auto match will still in effect.
On Thu, Jun 28, 2012 at 10:49 AM, Stefan Bauer <stefan.bauer@xxxxxxxxxxx> wrote:
>
> -----Ursprüngliche Nachricht-----
> Von: Thomas Bätzler <t.baetzler@xxxxxxxxxx>
> Gesendet: Do 28.06.2012 19:44
> Betreff: AW: general question about DNAT-rule
> An: netfilter@xxxxxxxxxxxxxxx;
> CC: Stefan Bauer <stefan.bauer@xxxxxxxxxxx>;
> > Stefan Bauer asked:
> > > This is done internally right? hence i dont see such a rule in the iptables
> > -t nat
> > > -vnL output?
> >
> > Have a look at /proc/net/ip_conntrack, or better yet, install the conntrack
> > utility.
>
> Ok - so it is handled internal. Can i sum this up and keep in mind the following?
>
> A single DNAT-rule is enough on a router to have bi-directional traffic as the required "SNAT-magic"
> is automatically done.
>
> A DNAT and SNAT-rule is required on a device to forward packages to another device because answer packages will not flow through the first device as it is not in the middle like a router?
>
> thank you very much for clarification.
>
> Stefan
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[Linux Netfilter Development]
[Linux Kernel Networking Development]
[Linux Kernel Development]
[Linux Resources]
[Advanced Routing & Traffice Control]
[Bugtraq]
[Free Internet Dating]
[Yosemite Forum]
[Photos]
