On 07/17/2005 08:09:02 AM, Michael Weiser wrote:

 Do you or anyone else know the rationale behind rdr not working for locally originating packets?

I'll hazard a couple of guesses.

When rdr works only on packets inbound on an interface
there's no possibility of getting infinite loops.
In conjunction with this there's no "in" or "out"
in the rdr syntax.  If rdr worked
outbound then an outbound rdr without an "on" to specify
an interface would make packets loop forever.

Outbound rdr is only useful when you've locally
originating packets, at which point you can
do what you want to the application to make
it behave anyway.

Having said all that, it seems that perhaps
you don't need outbound rdr because you can use
a filter rule with a "route-to" instead.
My brain's a bit slow right now. I can imagine
that there could be trouble with spoofing rules,
or maybe routing somehow when it comes time
to get the response datagram.  But this sounds
plausible.

Karl <[EMAIL PROTECTED]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
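To make the two alternatives discussed above concrete, here is an illustrative pf.conf fragment (added here; it is not from the message or from the pf project). It uses the pf syntax of the time (a separate rdr rule; on OpenBSD 4.7 and later rdr became a `rdr-to` option on pass rules). Interface names, addresses and the proxy port are assumed placeholders. The point it shows is the one the reply hints at: rdr rewrites the destination address of packets arriving on an interface, while route-to only changes the next hop of outbound packets, so the host at that next hop must be willing to accept traffic still addressed to the original destination (a transparent proxy, or a second pf box doing its own inbound rdr).

```conf
# Assumed interfaces and addresses (placeholders, not from the message)
ext_if = "fxp0"          # external interface
dmz_if = "fxp1"          # interface towards a proxy host
proxy  = "192.0.2.10"    # transparent proxy on the dmz side
proxy_port = "3128"

# 1) Classic rdr: applies only to packets arriving inbound on $ext_if,
#    e.g. from LAN clients.  The destination is rewritten, so a local
#    proxy can accept the connection.  Locally originated packets never
#    match, because they are not "inbound on an interface".
rdr on $ext_if proto tcp from any to any port 80 -> 127.0.0.1 port $proxy_port

# 2) route-to on an outbound filter rule: this does match locally
#    originated traffic.  The destination address is NOT changed; only
#    the next hop is.  $proxy therefore has to be transparent (accept
#    packets addressed to arbitrary web servers), and replies must be
#    able to find their way back, which is the spoofing/return-path
#    concern raised in the reply.
pass out on $ext_if route-to ($dmz_if $proxy) proto tcp \
    from ($ext_if) to any port 80 keep state

# Replies from the proxy path come back in on $dmz_if; let state handle them
pass in on $dmz_if proto tcp from $proxy to ($ext_if) keep state
```

Without a state entry created by the `pass out` rule, the reply from the proxy would be evaluated on its own and could be dropped by antispoof or default-deny rules; keeping state on the outbound rule is what makes the return datagram match.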
