Question on NAT and routing mark

Posted: Wed Dec 14, 2005 12:41 pm
by Charlie Whiskey
Referring to the last example on this manual page, I only need to write a masquerade (SNAT) and a routing mark rule to get a computer with a private IP behind the router connected to the outside. How come I don't need a matching pair of rules to cater for the incoming packets as well? Under what circumstances would I NOT need to cater for the returning traffic?

Posted: Thu Dec 22, 2005 5:12 pm
by YazzY
You'd need rules for incoming traffic if you wanted to NAT traffic to an IP behind your gateway.
Otherwise translation of your LAN traffic is done inside of your router, so the traffic coming from the LAN side appears as if it were coming from the WAN side.
All the established connections from your LAN clients are kept open as long as necessary, and they are tracked by the NATing mechanism.
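The point made in the reply above, as an added example that is not part of the thread and not MikroTik's code: a small Python model of masquerade (source NAT) with a connection-tracking table. Only the outbound translation is ever written as a "rule"; the tracker records each translation and reverses it for replies, and an unsolicited packet from the WAN is dropped unless an explicit dst-nat (port-forward) entry exists. The routing-mark side of the original question is not modelled. All addresses, ports and the port-allocation policy are constructed for the demo (the toy always allocates a fresh WAN port; real trackers try to keep the original source port).

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class MasqueradeRouter:
    """Stateful source NAT: one srcnat rule, replies handled by the tracker."""

    def __init__(self, wan_ip: str, lan_prefix: str, port_base: int = 10000):
        self.wan_ip = wan_ip
        self.lan_prefix = lan_prefix  # toy subnet match, e.g. "192.168.1."
        self.next_port = port_base    # constructed: fresh WAN port per new flow
        # Outbound lookup: (proto, lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.out: Dict[Tuple[str, str, int, str, int], int] = {}
        # Reply lookup: (proto, remote_ip, remote_port, wan_port) -> (lan_ip, lan_port)
        self.back: Dict[Tuple[str, str, int, int], Tuple[str, int]] = {}
        # Explicit dst-nat rules (the only case needing an "incoming" rule):
        # (proto, wan_port) -> (lan_ip, lan_port)
        self.dstnat: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def add_dstnat(self, proto: str, wan_port: int, lan_ip: str, lan_port: int) -> None:
        self.dstnat[(proto, wan_port)] = (lan_ip, lan_port)

    def _track(self, proto, lan_ip, lan_port, remote_ip, remote_port, wan_port) -> None:
        # One conntrack entry serves both directions of the flow.
        self.out[(proto, lan_ip, lan_port, remote_ip, remote_port)] = wan_port
        self.back[(proto, remote_ip, remote_port, wan_port)] = (lan_ip, lan_port)

    def from_lan(self, pkt: Packet) -> Packet:
        """LAN -> WAN: apply the single srcnat/masquerade rule."""
        if not pkt.src.startswith(self.lan_prefix):
            return pkt  # not from the masqueraded subnet; forwarded unchanged
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        wan_port = self.out.get(key)
        if wan_port is None:
            # New flow: allocate a WAN port and remember the mapping.
            wan_port = self.next_port
            self.next_port += 1
            self._track(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport, wan_port)
        return replace(pkt, src=self.wan_ip, sport=wan_port)

    def from_wan(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: reverse a tracked translation, else consult dst-nat, else drop."""
        if pkt.dst != self.wan_ip:
            return None  # not addressed to the router
        entry = self.back.get((pkt.proto, pkt.src, pkt.sport, pkt.dport))
        if entry is not None:
            lan_ip, lan_port = entry  # reply to a tracked flow: no rule needed
            return replace(pkt, dst=lan_ip, dport=lan_port)
        fwd = self.dstnat.get((pkt.proto, pkt.dport))
        if fwd is None:
            return None  # unsolicited and no dst-nat rule: dropped
        lan_ip, lan_port = fwd
        # dst-nat creates the tracking entry, so the LAN host's replies are
        # translated back to wan_ip:wan_port without any further rule.
        self._track(pkt.proto, lan_ip, lan_port, pkt.src, pkt.sport, pkt.dport)
        return replace(pkt, dst=lan_ip, dport=lan_port)


def demo() -> Tuple[Packet, Packet, Optional[Packet], Optional[Packet], Optional[Packet]]:
    """Constructed scenario: two LAN hosts reuse the same source port to one server."""
    r = MasqueradeRouter(wan_ip="203.0.113.5", lan_prefix="192.168.1.")
    a_out = r.from_lan(Packet("tcp", "192.168.1.10", 40000, "198.51.100.7", 80))
    b_out = r.from_lan(Packet("tcp", "192.168.1.11", 40000, "198.51.100.7", 80))
    # Server replies to each translated port land on the right LAN host.
    reply_a = r.from_wan(Packet("tcp", "198.51.100.7", 80, r.wan_ip, a_out.sport))
    reply_b = r.from_wan(Packet("tcp", "198.51.100.7", 80, r.wan_ip, b_out.sport))
    # A different host probing the same WAN port does not match the flow: dropped.
    stray = r.from_wan(Packet("tcp", "192.0.2.9", 4444, r.wan_ip, a_out.sport))
    return a_out, b_out, reply_a, reply_b, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The tracker keys the reply direction on the remote endpoint as well as the WAN port, which is what makes a masqueraded host unreachable from the outside: a probe to a port the tracker allocated is dropped unless it comes from the peer the LAN host is already talking to, or a dst-nat rule explicitly opens it.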