Ah, OK - so I need to do a SNAT rule for JUST that host? Never read about DNAT and SNAT - although I did consider it to be a logical way of dealing with it... -----Original Message----- From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Antony Stone Sent: 11 December 2003 4.31 To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Re: dnatted interface showing up as FW interface On Thursday 11 December 2003 4:20 pm, Knight, Steve wrote: > Why would an address that DNATs quite happily inbound > > 217.x.x.138 -> 192.168.1.2 > > show up as the router address when performing outbound traffic - for > example when delivering mail it is connecting from 137, instead of 138? Probably because you have a general-purpose SNAT rule for outbound packets, setting the source address on everything to 217.x.x.137? > Is there a forward rule I've forgotten? Or do I need to do another DNAT > rule translating 192.168.1.2 -> 217.79.119.138? Change DNAT into SNAT in the above sentence, and yes. Antony. -- The first fifty percent of an engineering project takes ninety percent of the time, and the remaining fifty percent takes another ninety percent of the time. Please reply to the list; please don't CC me. . ----------------------------------------------------------------------- Information in this email may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. -----------------------------------------------------------------------
