On Wednesday 10 July 2002 4:10 pm, Joe Patterson wrote:

> > > <[EMAIL PROTECTED]> wrote:
> > Oh. I knew you couldn't use -o in PREROUTING, because the routing
> > hasn't been done yet, but I would have thought that POSTROUTING would
> > remember where the packet came in from ?
>
> Yeah, that's always bothered me too. I'm sure there's a good reason, but
> it doesn't make sense to me.
>
> The way around it, of course, is to set a mark in mangle/PREROUTING on
> the -i interface, then check the mark in nat/POSTROUTING. Alternatively,
> you can of course use -s $INTERNAL_NET

Using -s is easy enough for the internal network, but a bit bothersome for
the external network (!), so I like the suggestion for marking packets in
the mangle table and then checking the mark later on....

Antony.
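
The mark-based workaround discussed in the message above, written out as an added example that is not part of the original thread. The interface names (eth1 internal, eth0 external), the mark value 1 and the MASQUERADE target are assumptions; the script only prints the two rules for review and does not apply them.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the two rules:
# mark on the input interface in mangle/PREROUTING, match the mark in
# nat/POSTROUTING. Interface names, mark value and the MASQUERADE target
# are assumptions for illustration.

# Accept only plain interface names (kernel limit is 15 characters) that
# cannot be mistaken for an option or break out of the command line.
valid_iface() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Accept only a non-zero decimal mark without leading zeros. Unmarked
# packets carry mark 0, so matching 0 would not identify the interface.
valid_mark() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 9 ]
}

# gen_mark_nat_rules IN_IF OUT_IF MARK
gen_mark_nat_rules() {
    in_if=$1; out_if=$2; mark=$3
    valid_iface "$in_if"  || { echo "bad input interface" >&2; return 1; }
    valid_iface "$out_if" || { echo "bad output interface" >&2; return 1; }
    valid_mark "$mark"    || { echo "bad mark" >&2; return 1; }

    # Routing has not happened yet, so -i is the interface match to use here.
    echo "iptables -t mangle -A PREROUTING -i $in_if -j MARK --set-mark $mark"
    # The mark stands in for the input interface, which the thread notes
    # cannot be matched in POSTROUTING.
    echo "iptables -t nat -A POSTROUTING -o $out_if -m mark --mark $mark -j MASQUERADE"
}

# Constructed sample: eth1 is the internal side, eth0 the external side.
gen_mark_nat_rules eth1 eth0 1
```

Pick a mark value that no other rule on the box already sets, since a later MARK target overwrites the earlier one.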
