>>Even if it's not completely clear to me why: the offending rule was
>>
>>$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
>>

Try adding a line above this one in the post routing table

$IPTABLES -t nat -A POSTROUTING -d $DESTNET -j ACCEPT

Where $DESTNET = the LAN on the other side of the tunnel?