You are correct. Leaving the catch-all srcnat and removing the two below didn't influence the dst nat ones, and I continue to capture the DNS requests of a very misbehaved appliance in my network. Default masquerade rule catches all, so nothing will go to next srcnat rules. Perhaps these srcnat rules are not needed, only dstnat rules?
Statistics: Posted by tunguskalabs — Tue Feb 06, 2024 1:06 am