Hi!
Peter Clark wrote:
Thanks Toomas,
It is a matter of my perspective. I was seeing the first:
interface --> NAT --> filter --> OS
and thinking that the NAT had already happened. But because I do not
have an explicit rule on "pass in" (as you have suggested) the packet
was advancing unchallenged to the second side of that equation and the
NAT was happening after the filter.
Actually, it's not because you don't have the "pass in" rule. It's
because most likely you are not running NAT on your internal interface :)
Cheers!
--
Toomas Aas