From: Bill Prochazka
Subject: NAT table bypass for local traffic
Date: Wed, 28 Apr 2010 13:19:48 -0400
To: netfilter@vger.kernel.org

So, I have an interesting observation. I am doing some wonky fun stuff with iptables and have noticed that traffic generated by a host on an existing connection is bypassing the NAT table for processing.

I ran netcat listening on a host and logged all traffic on the OUTPUT and POSTROUTING chains. When I connect from another host, the traffic is not processed by those chains. However, if I initiate a connection from that host, the chains are processed appropriately.

Is this by design or is this a bug? The traffic does pass through the mangle table, just not the NAT table. Anyone ever encounter something like this?

I have verified this on both CentOS 5.4 (2.6.18) and busybox (2.6.27).

Bill
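The observation above is the documented netfilter behaviour rather than a defect: the nat table is consulted only for the first packet of each conntrack-tracked connection, and every later packet of that connection has the recorded mapping applied without traversing the nat chains, whereas the mangle table sees every packet. For a listener, the first packet is the peer's SYN, which enters through PREROUTING, so the host's own replies never reach nat OUTPUT or nat POSTROUTING. The script below is an added example, not part of the original message; it assumes LOG rules with the prefixes "nat-OUTPUT: " and "mangle-OUTPUT: " in the respective tables and parses a constructed sample of the resulting kernel log lines, grouping them per flow so the one-packet-per-connection pattern in the nat table becomes visible.

```python
import re
from collections import defaultdict

# Constructed sample of LOG-target output (abbreviated fields), assuming rules such as
#   iptables -t nat    -A OUTPUT -j LOG --log-prefix "nat-OUTPUT: "
#   iptables -t mangle -A OUTPUT -j LOG --log-prefix "mangle-OUTPUT: "
# Flow 1: this host (10.0.0.1:9999) answering a connection opened by 10.0.0.2.
# Flow 2: this host opening an SSH connection to 10.0.0.3.
SAMPLE_LOG = """\
kernel: mangle-OUTPUT: IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.2 PROTO=TCP SPT=9999 DPT=40001 SYN ACK
kernel: mangle-OUTPUT: IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.2 PROTO=TCP SPT=9999 DPT=40001 ACK
kernel: mangle-OUTPUT: IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.2 PROTO=TCP SPT=9999 DPT=40001 ACK PSH
kernel: mangle-OUTPUT: IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.3 PROTO=TCP SPT=40002 DPT=22 SYN
kernel: nat-OUTPUT: IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.3 PROTO=TCP SPT=40002 DPT=22 SYN
kernel: mangle-OUTPUT: IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.3 PROTO=TCP SPT=40002 DPT=22 ACK
"""

# Extract the table name from our log prefix and the 5-tuple from the LOG fields.
# The lazy ".*?" skips fields (LEN=, TTL=, ...) that a real LOG line carries.
LINE_RE = re.compile(
    r"(?P<table>nat|mangle)-(?P<chain>[A-Z]+): .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def count_by_table(log_text):
    """Return {flow 5-tuple: {'mangle': n, 'nat': m}} for every flow in the log."""
    counts = defaultdict(lambda: {"mangle": 0, "nat": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not one of our diagnostic log lines
        flow = (m["proto"], m["src"], int(m["spt"]), m["dst"], int(m["dpt"]))
        counts[flow][m["table"]] += 1
    return dict(counts)


def nat_hooked_locally(counts):
    """Map each flow to True if its first packet traversed the nat table here.

    A flow with mangle hits but zero nat hits was already tracked by conntrack
    when these packets left (typically a connection the peer initiated), which
    is exactly the 'bypass' seen from a listener's OUTPUT chain.
    """
    return {flow: c["nat"] > 0 for flow, c in counts.items()}


if __name__ == "__main__":
    counts = count_by_table(SAMPLE_LOG)
    for flow, hooked in nat_hooked_locally(counts).items():
        proto, src, spt, dst, dpt = flow
        print(f"{proto} {src}:{spt} -> {dst}:{dpt}  "
              f"mangle={counts[flow]['mangle']} nat={counts[flow]['nat']}  "
              f"nat table consulted for this flow: {hooked}")
```

Running it shows the replying listener flow with three mangle hits and no nat hits, and the locally initiated flow with one nat hit (the SYN) followed only by mangle hits, which is the pattern to expect before concluding that a rule in the nat table is being skipped for any other reason.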