> Everybody is talking about DNS tcp/udp. But I want know how I can do that my
> traffic go to out as my IP_NET and not another IP. I know that I have to use
> SNAT for to do this.
>
> My problem is that my DNS this going out with IP NAT(Masquerade)
> Somebody can help me

I thought I did reply to your question. Don't the SNAT/FORWARD rules work?

In your first post you didn't mention any of your FORWARD rules, and I still think you should match your traffic for dport 53 instead of sport 53. Unless of course there's something we don't know because you didn't tell us (do you have a DNS server? If so, is your DNS server running on or behind the firewall?).

If you have policy set to DROP for the FORWARD chain then you have to add a rule to allow traffic for port 53/udp/tcp or whatever you want to accomplish.

Rob
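
The rules discussed in this reply, sketched as an added example that is not part of the original thread: a shell function that prints the iptables commands for SNAT on destination port 53 plus the matching FORWARD accepts. The interface name `eth0`, the address `192.0.2.10` (standing in for "IP_NET") and the function name are assumptions, as is the idea that a broader MASQUERADE rule already sits in nat POSTROUTING.

```shell
#!/bin/sh
# Added example. Prints iptables commands; review them, then pipe to sh as root.
# Assumed values (not from the thread): outside interface and SNAT address
# are passed as arguments; the sample call at the bottom uses constructed ones.

dns_snat_rules() {
    out_if=$1    # interface facing the upstream network
    snat_ip=$2   # source address DNS queries should leave with

    for proto in udp tcp; do
        # Client queries carry DESTINATION port 53. Matching --sport 53 would
        # only hit packets sent by a DNS server, i.e. the replies.
        # With FORWARD policy DROP the queries need an explicit accept.
        echo "iptables -A FORWARD -o $out_if -p $proto --dport 53 -j ACCEPT"

        # nat rules are first-match: insert at position 1 so this SNAT is
        # evaluated before any existing catch-all MASQUERADE rule.
        echo "iptables -t nat -I POSTROUTING 1 -o $out_if -p $proto --dport 53 -j SNAT --to-source $snat_ip"
    done

    # Replies come back as part of a tracked connection; conntrack reverses
    # the SNAT, the filter table still has to let them through.
    echo "iptables -A FORWARD -i $out_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values for illustration.
dns_snat_rules eth0 192.0.2.10
```

If the DNS server runs on the firewall itself, its queries pass through OUTPUT rather than FORWARD, but they still traverse nat POSTROUTING, so the SNAT lines apply unchanged.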