Closed ykhacha closed 6 years ago
dealfonso
commented
7 years ago that rule enables that the traffic that goes from the internal network to the outern network, which is not related to DNAT, is accepted as is. Otherwise it will need to pass through the other ipfloater-POSTROUTING rules, which are dedicated to DNAT.
ykhacha
commented
7 years ago Thank you for your reactivity, i asked this question because this rule is blocking me to reaching the outern network from the the internal network, and when i delete it the traffic pass correctly
dealfonso
commented
6 years ago Hi, sorry for the delay, but when you asked about it I did not understand what you meant. Not I realized about this bug and it has been corrected. You were right, and the correct rule was:
-A ipfloater-POSTROUTING -m conntrack ! --ctstate DNAT -j RETURN
Now iplofater generates the correct rule.
Hello, can you please explain to me the role of this rule ?