> I have lan (10.0.0.0/8) and server (10.1.1.1 for lan, dynamic ip
> from my ISP). I use MASQUERADE to allow lan computer connects to
> internet. eth0 connects to lan, ppp0 for internet.
>
> All traffic lan <--> internet passes through FORWARD chain. How
> can I "catch" this traffic in POSTROUTING chain?

define "catch." you could say that you are already "catching" the traffic with your MASQUERADE rule--as it would have to be in the POSTROUTING chain of the NAT table...

maybe you want to log the traffic before it gets MASQ'ed? then:

    iptables -t nat -I POSTROUTING -o $EXT_IF -j LOG

Or are you trying to do something else? Maybe the POSTROUTING chain of the MANGLE table?

    iptables -t mangle -I POSTROUTING -o $EXT_IF -j crunch_n_munch

-j