On Wed, Aug 27, 2003 at 08:40:20PM +1000, George Vieira wrote: > You have not used MASQUERADE in your POSTROUTING rules or haven't showed > it.. > > iptables -A POSTROUTING -t nat -p tcp -s 192.168.0.42 -d > 207.106.22.35 --dport 80 -j MASQUERADE > iptables -A POSTROUTING -t nat -p tcp -s 192.168.0.23 -d > 207.106.22.35 --dport 80 -j MASQUERADE > > > without the rules above, the 192.168.0.XX packets leave the network out into > the internet and eventually get dropped by some ISP... Again and again, a correction to the statement above. The ISP's do not drop these packets because the src is private IP. It's the return packets which would be dropped because the "defaultless" core routers don't know where to forward them. Ramin
