well. i ment the ip i got from my isp is aaa.aaa.aaa.aaa, not the local net one, sorry i do not use MASQ. as this did not function well before, and the faq said to preffer SNAT i have 2 outgoing internet connections, one via pptp (ppp0), one via router (eth1) i also got a local network - eth0 eth1 is 10.0.0.2 connectod to a router which is 10.0.0.1 ppp0 is aaa.aaa.aaa.aaa ptp to ccc.ccc.ccc.ccc eth0 is 192.168.0.254/24 thanks erez. On 3/14/06, Ethy H. Brito <ethy.brito@xxxxxxxxxxxx> wrote: > On Tue, 14 Mar 2006 12:18:57 +0200 > "Erez D" <erez0001@xxxxxxxxx> wrote: > > > snat not working > > Yes it is. Not the way you want, but it is!! > > > > > my local ip is aaa.aaa.aaa.aaa > > asterisk sitting on the internet at ip bbb.bbb.bbb.bbb > > my firewall's internal ip is 192.168.0.254 > > > > > i did snat: > > > > iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to aaa.aaa.aaa > > > You must SNAT wit the EXTERNAL IP of you router not the internal one to achieve > the effect you want. > > And since you are unsing ppp, I advise you to use MASQUERADE instead SNAT. > > Regards > > -- > > Ethy H. Brito /"\ > InterNexo Ltda. \ / CAMPANHA DA FITA ASCII - CONTRA MAIL HTML > +55 (12) 3941-6860 X ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL > S.J.Campos - Brasil / \ > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
