On 22/07/17 01:54, Eliezer Croitoru wrote: > It's not the MASQARADE that is bad.... > It's the DNAT rule which removes the original destination ip and port. > I fail to see how NAT behaving as NAT always has done makes those articles *about NAT features* "aren't up-to-date and are misleading admins" Amos