On Sat, Oct 17, 2020 at 04:39:47PM +0200, Rocky Hotas wrote:
> > In general it is best to get packet flow working first and then start caring
> > about filtering, but with NAT this is tricky.
> 
> Why is this tricky with NAT? Because when a request exits from the
> gateway, it exits from a port determined by the NAT, but when the answer gets
> back to the gateway, it is hard to recognize it?

Because you need to get two parts working at the same time, where without NAT
you can debug routing first and when that works debug filtering rules.

Martin
