> I've got this command in my script:
> iptables -t nat -A POSTROUTING -o EXTIF -j SNAT --to-source EXTIP
> I've also tried this:
> iptables -t nat -A POSTROUTING -o EXTIF -j SNAT --to-source EXTIP
> iptables -t nat -A POSTROUTING -s 10.200.9.0/24 -o EXTIF -j SNAT --to-source EXTIP
> iptables -t nat -A POSTROUTING -s 10.200.10.0/24 -o EXTIF -j SNAT --to-source EXTIP
If these lines are in your script, what is your FORWARD rule? Normally a firewall has policy DROP for the INPUT and FORWARD (some also OUTPUT, but not always) chains.
If you have FORWARD policy set to DROP but don't have an ACCEPT for your SNAT rules, they won't work.
When you want to SNAT 10.200.9.0/24 and 10.200.10.0/24 it should look like this (assuming you have policy DROP for the FORWARD chain):
iptables -t nat -A POSTROUTING -s 10.200.9.0/24 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 10.200.10.0/24 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -A FORWARD -s 10.200.9.0/24 -o $EXTIF -j ACCEPT
iptables -A FORWARD -s 10.200.10.0/24 -o $EXTIF -j ACCEPT
Rob
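
Added example, not part of Rob's message: a small audit that reads `iptables-save` output and, when the FORWARD policy is DROP, lists every SNAT rule with no FORWARD ACCEPT rule carrying the same `-s` and `-o`. The ruleset, the interface name eth0 and the address 203.0.113.10 are constructed sample values; matching is by exact string, so a broader ACCEPT rule that also covers the subnet is not recognised.

```sh
#!/bin/sh
# Constructed sample in iptables-save format: two SNAT rules, one FORWARD ACCEPT.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.200.9.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 10.200.10.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.200.9.0/24 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints "<source> <out-interface>" for
# each SNAT rule that has no FORWARD ACCEPT with the same -s and -o.
# Prints nothing when the FORWARD policy is not DROP.
snat_without_forward() {
    awk '
    /^\*/ { table = substr($0, 2) }                  # "*nat", "*filter", ...
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" {
        src = "0.0.0.0/0"; out = "any"; target = ""  # defaults when a match is absent
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-o") out = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        key = src " " out
        if (table == "nat" && $2 == "POSTROUTING" && target == "SNAT") snat[++n] = key
        if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT") accepted[key] = 1
    }
    END {
        if (policy != "DROP") exit
        for (i = 1; i <= n; i++) if (!(snat[i] in accepted)) print snat[i]
    }'
}

# On a live system, run as root: iptables-save | snat_without_forward
sample_ruleset | snat_without_forward
```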