SNAT should not be used for MASQUERADING.. it's not advised anyway but still works but who knows what possible problems it may cause.

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698

-----Original Message-----
From: Matt Hellman [mailto:netfilter@xxxxxxxxxxxxxxxxx]
Sent: Friday, May 30, 2003 11:59 AM
To: jhime@xxxxxxxxxxxxxx; George Vieira; 'Ray Leach'; 'Netfilter Mailing List'
Subject: RE: Problems with NAT

never tried it, but why couldn't you just add ACCEPT rules in PREROUTING [before the NAT rule] for each LAN not_to_be_natted?

-t nat -A POSTROUTING -s LAN A -d LAN B -j ACCEPT
-t nat -A POSTROUTING -s LAN A -d LAN C -j ACCEPT
-t nat -A POSTROUTING -s LAN A -d 0/0 -j SNAT --to Firewall_IP_address
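
Added example, not part of the original thread: a first-match simulator for the nat POSTROUTING rules in the quoted message above, showing that the ACCEPT exemptions only take effect when they sit before the SNAT rule, plus a check that flags exemptions shadowed by an earlier SNAT. The subnets and the firewall address are constructed placeholders standing in for LAN A, LAN B, LAN C and Firewall_IP_address, and the parser handles only the options used in those three rules.

```python
import ipaddress
import shlex

# Constructed rule set in the shape posted in the thread; every address is a
# placeholder (RFC 1918 / RFC 5737), not a value from the thread.
RULES = """
-t nat -A POSTROUTING -s 10.0.1.0/24 -d 10.0.2.0/24 -j ACCEPT
-t nat -A POSTROUTING -s 10.0.1.0/24 -d 10.0.3.0/24 -j ACCEPT
-t nat -A POSTROUTING -s 10.0.1.0/24 -d 0/0 -j SNAT --to 192.0.2.1
"""

def net(spec):
    # iptables accepts "0/0" as shorthand for any address; ipaddress does not.
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec)

def parse_rules(text):
    """Parse the option/value pairs used above into one dict per rule."""
    rules = []
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        opt = dict(zip(tok[0::2], tok[1::2]))
        rules.append({"src": net(opt["-s"]), "dst": net(opt["-d"]),
                      "target": opt["-j"], "to": opt.get("--to")})
    return rules

def translate(rules, src, dst):
    """Return the source address the packet leaves with (first match wins)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r["src"] and d in r["dst"]:
            # ACCEPT ends traversal of the nat table, so a later SNAT never runs.
            return r["to"] if r["target"] == "SNAT" else src
    return src  # nothing matched: the packet leaves untranslated

def shadowed_exemptions(rules):
    """Indexes of ACCEPT rules that an earlier SNAT rule already covers."""
    hits = []
    for i, r in enumerate(rules):
        if r["target"] != "ACCEPT":
            continue
        for earlier in rules[:i]:
            if (earlier["target"] == "SNAT"
                    and r["src"].subnet_of(earlier["src"])
                    and r["dst"].subnet_of(earlier["dst"])):
                hits.append(i)
                break
    return hits
```

Running `shadowed_exemptions` over a parsed copy of a real rule listing is a quick way to catch an exemption that was appended with `-A` after the catch-all SNAT rule.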