On Mon, Oct 07, 2002 at 05:43:33PM +0200, Reckhard, Tobias wrote:
And I always forget which chains do SNAT and DNAT respectively, PRE- or POSTROUTING. I keep going to the HOWTO just to check up on that. I should write it on a post-it and stick that to my monitor...
DNAT -> PREROUTING: you change the DESTINATION of a packet, so you MUST alter it BEFORE you route it (cause if you route it first and you have it on the outgoing chain you have to reinject it...) SNAT -> POSTROUTING: after you route it sucessfully, change the source. If you change it before, you'll lost the information where to go if it is rejected while routing it around maybe that helps you a bit to remember :)
thanks for correction!
Sure, no thing. Glad you're not offended. :-)
never :) HTH