I added $IPTABLES -t nat -A POSTROUTING -j SNAT --to-source 10.165.165.165 Now when i ping from 10.51.13.13 on eth0 side to 10.165.1.60 then i can see via tcpdump that on eth1 the 10.165.1.60 is seeking the 10.165.165.165 "arp who-has 10.165.165.165 tell 10.165.1.60" is what i get. So i guess that this means that iptables changed the address ? So the firewall doesn't knows that it converted the ip number before and can't send a reply to the correct ip address where it originally came from How can i make this work so that if i ping to 10.165.1.60 that i can get a reply ? AND that the NAT thing did its work ? And no, i can't use ipforwarding because of a security issue. Regards, --tronstr@xxxxxxxx
