Hello list. I may become crazy without your help. I'm not nubie, but... All worked with 2.4 kernel, but when I have to move to 2.6.8.1 it's not. I'm using "ip route nat 231.222.222.111 via 172.16.1.13" to substitute inet address 231.222.222.111 on 172.16.1.13 during routing. Look at the output: _____________ myhost log # ip route list table local broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1 local 172.16.0.1 dev eth1 proto kernel scope host src 172.16.0.1 broadcast 172.16.0.0 dev eth1 proto kernel scope link src 172.16.0.1 broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111 broadcast 231.222.222.111 dev eth0 proto kernel scope link src 231.222.222.111 local 231.222.222.111 dev eth0 proto kernel scope host src 231.222.222.111 broadcast 172.16.255.255 dev eth1 proto kernel scope link src 172.16.0.1 broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1 nat 231.222.222.111 via 172.16.1.13 scope host local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 myhost log # ip rule 0: from all lookup local 323: from 172.16.1.13 lookup main map-to 231.222.222.111 32766: from all lookup main 32767: from all lookup default _______________________ So I'm trying to translate local address 172.16.1.13 on 231.222.222.111. And that was working under 2.4 kernel. But now I have to move to 2.6 kernel and now it's not working. I've used this commands: ip route add nat 231.222.222.111 via 172.16.1.13 ip rule add prio 323 from 172.16.1.13 nat 231.222.222.111 !!! To be sure that it is kernel problem I've added this two rules in my FORWARD chain in the very beginning: iptables -I FORWARD -s 172.16.1.13 -j LOG iptables -I FORWARD -d 231.222.222.111 -j LOG Look I have packets that should not be there: Oct 27 00:30:04 rcline IN=eth1 OUT=eth0 SRC=172.16.1.13 DST=64.12.161.185 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43039 DF PROTO=TCP SPT=1923 DPT=5190 WINDOW=65535 RES=0x00 SYN URGP=0 Oct 27 00:30:04 rcline IN=eth0 OUT=eth1 SRC=83.102.131.142 DST=231.222.222.111 LEN=84 TOS=0x00 PREC=0x00 TTL=59 ID=2990 DF PROTO=ICMP TYPE=8 CODE=0 ID=22310 SEQ=2991 No substitution of niether destination, nor source adresses!!! Please help me to make this working. I've tried 2.6.9 kernel, but It seems there is no "IP: fast network address translation". Why. Is feature already deprecated? Some advices how to solve this problem are very welcome. Sorry for my bad English, it is not my native language. Thank you for your reading of this cry for help. If you have any ideas... they are welcome... _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/