Re: DNAT Issue (Can the source address be internal?)

When you 'allow all' on a given port (from Internet) there's no way to determine an attacker from a non-attacker. That is, unless you're using an IDS or some kind of active black/white list (which I'm not). So for something like ssh you create a few more mechanisms to discriminate against authorized or unauthorized access. That's where you use PKI instead of passphrase, MFA, and other methods I'm not going to list here.

The way I'm using hosts.allow isn't intended to discriminate against outside traffic. It's to eliminate potential access from all other devices in my network other than the address 192.168.1.1.

But my question wasn't about the validity, lucidity, or soundness of this design. I posted a question about how NAT might accommodate it.

It seems regardless which 'Outbound interface' I use with SNAT I can't get a successful or unsuccessful connection. The SNAT rule never fires.

When I packet sniff on eth0 (Internet) I just see this repeated:

19:40:26.451689 IP 217.217.217.217.55891 > 75.75.75.75.246: Flags [S], seq 645529430, win 65535, options [mss 1240,nop,wscale 5,nop,nop,TS val 660709098 ecr 0,sackOK,eol], length 0

Is anyone using SNAT to rewrite an address or port from an external network to internal?
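One way to lay out the DNAT plus SNAT rule set the post is asking about, as an added example that is not part of the original post or thread. It assumes a Linux router running iptables with eth0 as the WAN interface (from the post), eth1 as the LAN interface, 75.75.75.75 and port 246 as the public address and port (taken from the tcpdump line), 192.168.1.10 as the internal ssh host, and 192.168.1.1 as the router's own LAN address; everything except eth0, the public address and the port is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): forward an Internet-facing ssh
# port to an internal host and rewrite the source so the internal host's
# hosts.allow sees 192.168.1.1. Assumed values: LAN interface eth1, internal
# ssh host 192.168.1.10, and 192.168.1.1 being the router's own LAN address
# (replies from the ssh host must come back to the router for conntrack to
# reverse both translations).
WAN_IF=eth0
LAN_IF=eth1
WAN_IP=75.75.75.75
PUB_PORT=246
SSH_HOST=192.168.1.10
SSH_PORT=22
LAN_SRC=192.168.1.1

# Emit the rules as text so they can be reviewed (or piped to sh as root)
# without touching the live tables. The SNAT rule lives in POSTROUTING and
# matches the *post-DNAT* destination on the LAN outbound interface; a SNAT
# rule that names eth0 as the outbound interface never sees this forwarded
# traffic, which is exactly the "never fires" symptom.
nat_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $PUB_PORT -j DNAT --to-destination $SSH_HOST:$SSH_PORT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $SSH_HOST -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $SSH_HOST -p tcp --sport $SSH_PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $LAN_IF -d $SSH_HOST -p tcp --dport $SSH_PORT -j SNAT --to-source $LAN_SRC
EOF
}

# Sanity check used before applying: the SNAT rule must reference the LAN
# interface, not the WAN one.
snat_out_iface() {
    nat_rules | grep -- '-j SNAT' | sed -n 's/.*-o \([^ ]*\).*/\1/p'
}

# Usage: sh this_script.sh apply   (as root); with no argument, just print.
if [ "$1" = "apply" ]; then
    nat_rules | sh
else
    nat_rules
fi
```

Once the source is rewritten, the internal host sees every Internet client as 192.168.1.1 and hosts.allow can no longer tell them apart, so the key-based and MFA controls the post mentions are doing all the discrimination at that point.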
