On Monday 17 February 2003 11:11 am, Andreas Meyer wrote: > Hello! > > Running fetchmail from the mailserver behind the firewall I have > the problem to go to the WAN. > iptables -t nat -A PREROUTING -p TCP --dport 110 -m state --state > NEW,ESTABLISHED,RELATED -j DNAT --to 0.0.0.0:110 > > I get a > kernel: martian destination 0.0.0.0 from 192.168.1.3, dev eth0 You don't want to DNAT outgoing - that changes the destination IP, which has to be a valid IP. (0.0.0.0 isn't a valid destination, hence the "martian" error) Outbound connections going TO dport 110 should be left alone, or SNATted if necessary. They should already have a valid destination IP. j
