Ok,

On Tue, 2006-03-14 at 18:15 +0200, Erez D wrote:
> >
> but, sipbox -> lan -> eth0 -> ppp0 -> internet :
> the outgoing packets from ppp0 has the ip 192.168.0.20 which is the ip
> of my sipbox
>
> iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to $my_link2_ip

So when traffic leaves the ppp0 interface from 192.168.0.20, it is not
being snat'ted to $my_link2_ip.

> 10: from all lookup local
> 20: from 192.168.0.10 lookup isp2
> 30: from all fwmark 0x990 lookup isp2
> 40: from all lookup main
> 50: from all lookup default
>
> prio 20 works well (SNAT is activated)
> prio 30 does not work (routing is ok, SNAT not activated)

Now if 30 works that means it is being sent to ppp0. In that case I
think it would be worthwhile to try:

iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.20 -j SNAT --to $my_link2_ip

or even

iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j SNAT --to $my_link2_ip

and despite what you might have come across, try

iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.20 -j MASQUERADE

or

iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE

You might need a rule like that in conjunction with the other. Putting
these before the other. Might even have to add something for the mark as
well or in place of a source ip.

Otherwise interesting it's being routed out the correct interface
without snat. Could also be if it's not hitting the 30 rule, and ppp0 is
set as a default gateway in another rule like main or default. That
would make more sense than iptables not doing its job?

--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
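
The last point in the reply above (traffic can leave via ppp0 without ever matching the fwmark rule) can be checked with a small model of the rule walk. This is an added example, not part of the original message: the rule list is the one quoted in the thread, while the table contents, the `eth1` device name and the destination address are constructed assumptions.

```python
import ipaddress

# Rule list copied from the thread: (priority, source selector, fwmark selector, table).
RULES = [
    (10, None, None, "local"),
    (20, "192.168.0.10", None, "isp2"),
    (30, None, 0x990, "isp2"),
    (40, None, None, "main"),
    (50, None, None, "default"),
]

def make_tables(main_default_dev):
    """Constructed table contents (assumed; the thread does not show them)."""
    return {
        "local": [],
        "isp2": [("0.0.0.0/0", "ppp0")],
        "main": [("192.168.0.0/24", "eth0"), ("0.0.0.0/0", main_default_dev)],
        "default": [],
    }

def lookup(table, dst):
    """Longest-prefix match in one table; returns the egress device or None."""
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def route(tables, src, dst, fwmark=0):
    """Walk rules in priority order; first matching rule whose table has a route wins."""
    for prio, rule_src, rule_mark, name in RULES:
        if rule_src is not None and src != rule_src:
            continue
        if rule_mark is not None and fwmark != rule_mark:
            continue
        dev = lookup(tables[name], dst)
        if dev is not None:
            return prio, name, dev
    return None

if __name__ == "__main__":
    dst = "203.0.113.5"  # constructed destination (documentation range)
    for main_dev in ("ppp0", "eth1"):  # eth1 is an assumed name for the other uplink
        tables = make_tables(main_dev)
        for mark in (0x990, 0):
            print(main_dev, hex(mark), route(tables, "192.168.0.20", dst, mark))
```

When `main` has its default route on ppp0, the unmarked packet from 192.168.0.20 still leaves via ppp0 through rule 40, so seeing it on ppp0 does not show that rule 30 matched.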