File: //usr/share/doc/iptables/html/NAT-HOWTO-8.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.82">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE>Linux 2.4 NAT HOWTO: Caveats on NAT</TITLE>
<LINK HREF="NAT-HOWTO-9.html" REL=next>
<LINK HREF="NAT-HOWTO-7.html" REL=previous>
<LINK HREF="NAT-HOWTO.html#toc8" REL=contents>
</HEAD>
<BODY>
<A HREF="NAT-HOWTO-9.html">Next</A>
<A HREF="NAT-HOWTO-7.html">Previous</A>
<A HREF="NAT-HOWTO.html#toc8">Contents</A>
<HR>
<H2><A NAME="s8">8.</A> <A HREF="NAT-HOWTO.html#toc8">Caveats on NAT</A></H2>
<P>If you are doing NAT on a connection, all packets passing
<B>both</B> ways (in and out of the network) must pass through the
NAT'ed box, otherwise it won't work reliably. In particular, the
connection tracking code reassembles fragments, which means that not
only will connection tracking not be reliable, but your packets may
not get through at all, as fragments will be withheld.</P>
<HR>
<A HREF="NAT-HOWTO-9.html">Next</A>
<A HREF="NAT-HOWTO-7.html">Previous</A>
<A HREF="NAT-HOWTO.html#toc8">Contents</A>
</BODY>
</HTML>