On Fri, Mar 03, 2006 at 02:47:23PM +0100, a b wrote:
> >The NAT seems to not be happening before the filtering, because I'm
> >getting:
>
> Correct me if I'm wrong, but isn't that the way it's supposed to work?

Well, it *may* be, but if that's the case, then the previous version I'm using is broken, because it allows that scenario. I would think NAT should happen first anyway, because all the traditional firewall rules where you disallow private (non-routable) IP traffic out via the public interface would break anytime NAT was in use. This could certainly be a misunderstanding on my part, however.

Another thing which I forgot to mention is that I did disable the firewall entirely to test the NAT functionality. Predictably, there were no messages about the packets being blocked, but there was no connectivity, either. It looks like the packets were never rewritten from the private IP address, were sent out the public Ethernet interface, and disappeared (which makes sense, because they have no way of getting back as they're coming from a non-routable source IP)...

-- 
Paul H. Yoshimune
[EMAIL PROTECTED]
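The ordering question in this exchange (does source NAT rewrite the packet before or after the egress filter sees it?) can be made concrete with a small simulation. This is a constructed example added here; it is not code from the thread or from any firewall package. The interface name `ext0`, the public address `198.51.100.10`, the LAN address `192.168.1.20`, and the single "block private sources leaving the public interface" rule are all assumptions chosen to mirror the poster's description. The `nat_enabled` switch models the second observation in the message: with the firewall off and NAT not rewriting anything, the packet leaves with a private source that no reply can be routed back to.

```python
import ipaddress
from dataclasses import dataclass
import dataclasses

# Constructed topology: a LAN behind a gateway whose public interface is ext0.
# 198.51.100.10 and 203.0.113.5 are documentation addresses (TEST-NET-2/3),
# chosen so the example never touches a real network.
PUBLIC_IF = "ext0"
PUBLIC_ADDR = "198.51.100.10"

# RFC 1918 private ranges; the classic egress rule refuses to let these leave.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    out_if: str


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def nat_outbound(pkt: Packet) -> Packet:
    """Source NAT: rewrite a private source to the public address when the
    packet is leaving through the public interface."""
    if pkt.out_if == PUBLIC_IF and is_private(pkt.src):
        return dataclasses.replace(pkt, src=PUBLIC_ADDR)
    return pkt


def filter_outbound(pkt: Packet) -> str:
    """The traditional anti-spoofing egress rule the poster refers to:
    no private (non-routable) source may go out via the public interface."""
    if pkt.out_if == PUBLIC_IF and is_private(pkt.src):
        return "block"
    return "pass"


def pipeline(pkt: Packet, nat_first: bool,
             firewall_enabled: bool = True, nat_enabled: bool = True):
    """Run one outbound packet through NAT and filter in the chosen order.

    Returns (verdict, packet as it would appear on the wire). When the filter
    blocks, the packet is still returned so the caller can see what was judged.
    """
    if nat_first and nat_enabled:
        pkt = nat_outbound(pkt)
    verdict = filter_outbound(pkt) if firewall_enabled else "pass"
    if not nat_first and nat_enabled and verdict == "pass":
        pkt = nat_outbound(pkt)
    return verdict, pkt


def reply_can_return(pkt: Packet) -> bool:
    """A reply can only come back if the source on the wire is routable."""
    return not is_private(pkt.src)


LAN_PKT = Packet(src="192.168.1.20", dst="203.0.113.5", out_if=PUBLIC_IF)


def demo():
    for label, kwargs in (
        ("NAT before filter        ", dict(nat_first=True)),
        ("filter before NAT        ", dict(nat_first=False)),
        ("firewall off, NAT broken ", dict(nat_first=True, firewall_enabled=False,
                                           nat_enabled=False)),
    ):
        verdict, wire = pipeline(LAN_PKT, **kwargs)
        print(f"{label}: {verdict:5s} src-on-wire={wire.src:15s} "
              f"reply-possible={reply_can_return(wire)}")


if __name__ == "__main__":
    demo()
```

Running `demo()` shows the three situations side by side: with NAT first the packet passes with the public source; with the filter first the same anti-spoofing rule blocks it, which is exactly why that rule ordering and egress filtering cannot coexist; and with the firewall disabled but NAT not rewriting, the packet passes yet carries a private source, so nothing can answer it.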
