On Thu, Feb 20, 2003 at 09:27:07PM -0800, Christopher Lyon wrote: > Here is the original Packet (Sniffed on ipsec0) > SRC DEST > 192.168.254.100 - 1.2.124.10 current situation. > SRC DEST > 192.168.254.100 - 172.16.124.10 new packet destination ^^^^ > The translation I would image would need to take place before routing > since 1.2.124.0 doesn't live on this box so I would guess the command > would be something like this: > > # iptables -t nat -A PREROUTING -s 1.2.124.10 -i ipsec0 -j DNAT --to > 172.16.124.10 iptables -t nat -A PREROUTING -d 1.2.124.10 -i ipsec0 -j DNAT --to 172.16.124.10 since '-s 1.2.124.10' never matches and you want to alter the dst address, look for the dst address. Gruß/Regards, Willi -- wdyck at gmx dot net
