> I want when to request internal 192.168.0.1:53 he leaves how > ip external > 200.200.200.1:53 > I tried to do that. But no this working > iptables -t nat -I POSTROUTING -p udp -s 192.168.0.1 --sport 53 -j > SNAT --to-source 200.200.200.1:53 I don't know if dns traffic is always sent *from* 53/udp, but I do know it is always sent *to* 53/udp. Do you have a default policy set to DROP in the FORWARD chain ? Something like this should do the trick I think : # iptables -A FORWARD -s 192.168.0.1 -p udp --dport 53 -o <eth-out> -j ACCEPT # iptables -t nat -A PREROUTING -s 192.168.0.1 -p tcp --dport 53 -j SNAT --to-source 200.200.200.1 Rob
