From mboxrd@z Thu Jan 1 00:00:00 1970 From: ratheesh k Subject: Re: NAT table bypass for local traffic Date: Thu, 29 Apr 2010 11:55:18 +0530 Message-ID: References: Mime-Version: 1.0 Content-Transfer-Encoding: QUOTED-PRINTABLE Return-path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=1ed/XRUWN+M1IDFwveqmaNCHgAzq7StUYgOpOkIrOcM=; b=FS03nln9bmi6cdsA/+rUjsZXdLIVbcM1MbpNNOGgoigeHIGwavOI/wjeMmotmmaSQ+ m5hSKG2OXpT09Y+Wq/V+4Jrb+GEEr/qtUPWlu+AlU+NVyVYUx7T3kHvnXB5tq2kbHfFd LguI7qo9HvS7VR7NDeOq3AMh3P1kcDvaprUCg= In-Reply-To: Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="iso-8859-1" To: Sven-Haegar Koch Cc: Bill Prochazka , Jan Engelhardt , Steve Fink , netfilter@vger.kernel.org >>the outgoing echo-reply matches to it and thus does > not show up in nat OUTPUT/POSTROUTING. Does echo reply will show up in nat PREROUTING chain ? Thanks, Ratheesh On Thu, Apr 29, 2010 at 2:25 AM, Sven-Haegar Koch wr= ote: > On Wed, 28 Apr 2010, Bill Prochazka wrote: > >> A more simple example is that ICMP echo requests >> go out the nat table's output chain, but ICMP echo replies do not. > > The incoming ICMP echo-request (should be visible in PREROUTING) sets= up > a conntrack entry, the outgoing echo-reply matches to it and thus doe= s > not show up in nat OUTPUT/POSTROUTING. > > c'ya > sven-haegar > > -- > Three may keep a secret, if two of them are dead. > - Ben F. > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" = in > the body of a message to majordomo@vger.kernel.org > More majordomo info at =A0http://vger.kernel.org/majordomo-info.html >