Re: problem with DNS server behind nat/packet filter

Quite possible.  For PREROUTING DNAT stuff, I generally recommend 
specifying -i ppp0 to narrow the rule down even further.  That way only 
DNS requests coming in through the PPP interface get DNAT'ed.

Do you have any other POSTROUTING rules?

On Fri, 9 May 2003 enjoy.the.silence@xxxxxx wrote:

I have the following rules in nat/PREROUTING:

Chain PREROUTING (policy ACCEPT 89 packets, 5600 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 DNAT       tcp  --  any    any     anywhere             anywhere             tcp dpt:webcache to:10.0.6.6:80
   0     0 DNAT       tcp  --  any    any     anywhere             anywhere             tcp dpt:domain to:10.0.6.5
   3   193 DNAT       udp  --  any    any     anywhere             anywhere             udp dpt:domain to:10.0.6.5

I guess the third one might be the one that is doing the wrong job.
Although, it should only alter incoming packets on port 53 to my external IP
so that they go to the internal box which is running the DNS server. It
should not touch the source address, which will become the destination
address of the DNS replies. Or am I wrong?

Thanks for now!
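
Added example, not part of the original messages: a small Python model of the third rule in the listing ("in any") beside the same rule narrowed with -i ppp0, showing which port-53 packets each one rewrites. The LAN interface name eth0 and the addresses 203.0.113.1 and 192.0.2.53 are constructed assumptions; only ppp0 and 10.0.6.5 come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    in_iface: str
    proto: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    proto: str
    dport: int
    to: str
    in_iface: Optional[str] = None  # None is what the listing shows as "in any"

    def command(self) -> str:
        """Render the iptables command that would create this rule."""
        iface = f"-i {self.in_iface} " if self.in_iface else ""
        return (f"iptables -t nat -A PREROUTING {iface}-p {self.proto} "
                f"--dport {self.dport} -j DNAT --to-destination {self.to}")

    def apply(self, pkt: Packet) -> str:
        """Return the packet's destination address after the rule is evaluated."""
        if self.in_iface is not None and self.in_iface != pkt.in_iface:
            return pkt.dst
        if (pkt.proto, pkt.dport) != (self.proto, self.dport):
            return pkt.dst
        return self.to

# Constructed sample traffic; eth0 and both non-10.0.6.x addresses are assumptions.
INBOUND_QUERY = Packet("ppp0", "udp", "203.0.113.1", 53)   # Internet -> external IP
UPSTREAM_QUERY = Packet("eth0", "udp", "192.0.2.53", 53)   # 10.0.6.5 -> upstream resolver

BROAD = DnatRule("udp", 53, "10.0.6.5")                    # third rule in the listing
NARROW = DnatRule("udp", 53, "10.0.6.5", in_iface="ppp0")  # with the suggested -i ppp0

def compare() -> dict:
    """Destination of each sample packet under the broad and the narrowed rule."""
    return {name: {"broad": BROAD.apply(p), "narrow": NARROW.apply(p)}
            for name, p in (("inbound", INBOUND_QUERY), ("upstream", UPSTREAM_QUERY))}

if __name__ == "__main__":
    print(BROAD.command())
    print(NARROW.command())
    for name, result in compare().items():
        print(name, result)
```

Under the broad rule the DNS server's own upstream query is redirected back to 10.0.6.5; with -i ppp0 only the query arriving on the PPP interface is rewritten.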



