I’ve got packets entering via the lan interface which need to go out the wan interface. Works fine with NAT off; when I put NAT on it’s more difficult. Such packets don’t seem to be covered in your flowchart.
Those would be handled by this path:
raw:PREROUTING --> mangle:PREROUTING --> nat:PREROUTING --> mangle:FORWARD --> filter:FORWARD --> security:FORWARD --> mangle:POSTROUTING --> nat:POSTROUTING.
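An added example, not part of the original reply: a small Python model of the path listed above, showing that filter:FORWARD still sees the original LAN source address because the source rewrite only happens in nat:POSTROUTING, the last step. The addresses, the rule tuples and the `walk` helper are assumptions made for illustration, and connection tracking is not modelled.

```python
import ipaddress
from dataclasses import dataclass, replace

# Forwarded-packet path exactly as listed in the reply above.
FORWARD_PATH = [
    "raw:PREROUTING", "mangle:PREROUTING", "nat:PREROUTING",
    "mangle:FORWARD", "filter:FORWARD", "security:FORWARD",
    "mangle:POSTROUTING", "nat:POSTROUTING",
]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def walk(pkt, rules):
    """Walk pkt along FORWARD_PATH. rules maps chain -> list of
    (src_cidr, action, arg); first match wins, as in iptables.
    Returns (verdict, final_packet, trace of (chain, src seen on entry))."""
    trace = []
    for chain in FORWARD_PATH:
        trace.append((chain, pkt.src))
        for cidr, action, arg in rules.get(chain, []):
            if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(cidr):
                continue
            if action == "DROP":
                return "DROP", pkt, trace
            if action == "SNAT":
                pkt = replace(pkt, src=arg)
            break  # ACCEPT or SNAT ends evaluation of this chain
    return "ACCEPT", pkt, trace

# Constructed addresses (RFC 1918 LAN, RFC 5737 documentation ranges).
LAN_NET, WAN_IP = "192.168.1.0/24", "203.0.113.5"
PKT = Packet(src="192.168.1.10", dst="198.51.100.7")
SNAT_RULE = {"nat:POSTROUTING": [(LAN_NET, "SNAT", WAN_IP)]}
DROP_REST = ("0.0.0.0/0", "DROP", None)

def lan_match_ruleset():
    # filter:FORWARD matches the LAN source: correct, SNAT has not happened yet.
    return {**SNAT_RULE, "filter:FORWARD": [(LAN_NET, "ACCEPT", None), DROP_REST]}

def wan_match_ruleset():
    # Mistake: the translated address never appears in filter:FORWARD.
    return {**SNAT_RULE, "filter:FORWARD": [(WAN_IP + "/32", "ACCEPT", None), DROP_REST]}

if __name__ == "__main__":
    for name, rs in (("LAN match", lan_match_ruleset()), ("WAN match", wan_match_ruleset())):
        verdict, out, trace = walk(PKT, rs)
        print(name, verdict, out.src, "stopped at", trace[-1][0])
```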