I am trying to perform NAT using iptables 1.2.7a on packets coming from the ipsec0 interface. Here is the config of the host in question eth0 - x.x.x.x (public) eth1 - 172.16.124.10 ipsec0 (FreeS/WAN) Here is the original Packet (Sniffed on ipsec0) SRC DEST 192.168.254.100 - 1.2.124.10 SRC DEST 192.168.254.100 - 172.16.124.10 The translation I would image would need to take place before routing since 1.2.124.0 doesn't live on this box so I would guess the command would be something like this: # iptables -t nat -A PREROUTING -s 1.2.124.10 -i ipsec0 -j DNAT --to 172.16.124.10 I can't seem to get this to work? I am missing something. I have tried many combinations of commands but I think the command above should do it. Any suggestions? Here is a netstat -rn from the host in question Destination Gateway Genmask Flags MSS Window irtt Iface x.x.x.x 0.0.0.0 255.255.255.192 U 40 0 0 eth0 x.x.x.x 0.0.0.0 255.255.255.192 U 40 0 0 ipsec0 172.16.124.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 192.168.254.0 66.167.5.126 255.255.255.0 UG 40 0 0 ipsec0 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo 0.0.0.0 66.167.5.126 0.0.0.0 UG 40 0 0 eth0
