Hi Antony

>> >> I have an email server running behind my firewall. Now all requests
>> >> coming from internet are logged as if coming from my firewall. I want
>> >> the request to be logged with source ip and not with firewall ip.
>> >
>> > I know that is your problem.
>> >
>> > I believe the change to your MASQUERADE / SNAT rule which I posted is a
>> > solution to that problem.
>> >
>> > If it is not a solution, then post your current ruleset so that we can
>> > think about it further.
>>
>> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to 192.168.0.6:25
>
> I don't believe that can be your complete ruleset.
>
> I see nothing wrong with the above rule as it stands, however on its own
> it's not much good - you need a FORWARD rule to allow packets through to
> the mail server as well.

Can you give me an example of the forward rule set?

> Anyway, I thought (I may be mistaken) that the problem was not with the
> inbound DNAT, but with SNAT?

Or shall I attach my complete bash script? (Is it OK?)

Regards
Joel
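An example of the kind of FORWARD rules requested above, together with a source-NAT rule scoped to the external interface so that DNATed SMTP connections reach the mail server with their original source address. This is an added illustration, not part of the original thread and not the SNAT change referred to in it. It assumes eth1 is the external interface (as in the DNAT rule), eth0 is the internal one (hypothetical name), and the function names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Only defines functions; nothing is applied
# until mail_nat_rules is called. Dry run: IPT="echo iptables"; mail_nat_rules
IPT="${IPT:-iptables}"
EXT_IF="${EXT_IF:-eth1}"            # external interface, as in the posted DNAT rule
INT_IF="${INT_IF:-eth0}"            # internal interface (assumed name)
MAIL_SRV="${MAIL_SRV:-192.168.0.6}" # mail server address from the posted rule

mail_nat_rules() {
    # 1. Inbound DNAT for SMTP, equivalent to the rule posted in the thread.
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 25 \
        -j DNAT --to-destination "$MAIL_SRV:25"

    # 2. FORWARD sees the packet after DNAT, so match the mail server's address.
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$MAIL_SRV" --dport 25 \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

    # 3. Let reply packets of tracked connections back out.
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 4. Masquerade only what leaves via the external interface. Without -o,
    #    this rule would also rewrite the source of inbound DNATed packets,
    #    and the mail server would log the firewall's address.
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
}

# Reads `iptables -t nat -S` output on stdin and prints POSTROUTING
# MASQUERADE/SNAT rules that have no -o match: candidates for review when
# forwarded connections show up with the firewall's source address.
unscoped_snat() {
    grep -E '^-A POSTROUTING .*-j (MASQUERADE|SNAT)' | grep -v -e ' -o ' || true
}
```

On a live firewall the check is run as `iptables -t nat -S | unscoped_snat`; a rule it prints may still be harmless if it is limited by a source match instead of an interface.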