On May 12, 2011, at 4:23 PM, Mr Dash Four wrote:

>
>> Okay, thanks for testing. I'll modify my patch as you suggest.
>>
> OK! One more query: On one of my machines I do SNAT. What source should
> I specify when using this in tcrules - the original IP address or the
> one I changed it to? In other words, what should I use: the "SOURCE" or
> the "ADDRESS" column (from the masq file) when creating rules in tcrules
> (also bearing in mind that I use classes and not marks)?

There is no Netfilter hook called after the SOURCE address has been re-written by SNAT/MASQUERADE rules. So all netfilter rules must use the original SOURCE address.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
