On Mon, 2003-01-20 at 09:05, Ranjeet Shetye wrote: > > Shouldn't be specified an output interface/address with the -o option? > > Moreover, I think that if you want to do source nat, you should do it in the > > POSTROUTING chain. Try this (the existence of another network card eth1 is > > presumed): > > > > iptables -t nat -A POSTROUTING -i eth0 -o eth1 -s 192.168.0.0/24 -j SNAT > > --to-source 196.4.160.2 > > > > -- > > Fabio Corneti > > fabio@gekolab.it > > > > You are right. > > SNAT MUST be done in the POSTROUTING chain. > > Also, it MUST take an outgoing interface. > > The incoming interface MAY BE specified if you have specific needs. This is incorrect. It is correct that SNAT must be performed in the nat/POSTROUTING chain. but it is OPTIONAL to specify an outgoing interface. And you can NEVER specify an incoming interface in POSTROUTING. -- /Martin Never argue with an idiot. They drag you down to their level, then beat you with experience.
