Re: only SNAT packets originating from local?

(forgot to CC the list the first time I sent this)

On 9/2/05, Christian Bricart <christian@xxxxxxxxxx> wrote:
> is there a simple way to do SNAT for packets that originate from the
> router itself?

Try using something like the following:

iptables -t nat -A OUTPUT -j SNAT --to-source $EXTDEV_SNATIP

Of course, this is oftentimes not necessary, but it might be if you
have *multiple* external-facing static IPs from which you want to set
one for outbound traffic.

Off-topic musing: It might also be strange if you have two static IPs
A and B with sshd listening to port 22 on both of them.  Someone
connects to B, but you SNAT the reply out of A, and the client gets
confused and drops the reply.

--Curby
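
One way to restrict SNAT to router-originated traffic, as an added example that is not part of the original post: iptables accepts the SNAT target in the nat table's POSTROUTING chain, which sees forwarded and local packets alike, so the sketch marks packets in mangle OUTPUT (traversed only by locally generated packets) and SNATs only marked packets. The function names, the interface eth0, the address 192.0.2.10 (documentation range) and the mark 0x1 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): SNAT only packets that
# originate on the router itself, leaving forwarded traffic untouched.
# Assumed values: interface eth0, source 192.0.2.10, firewall mark 0x1.

# Dry run by default: the rules are printed, not applied.
# Run as root with IPT=iptables to install them.
IPT=${IPT:-echo iptables}

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# usage: snat_local_only <source-ip> <out-interface> [mark]
snat_local_only() {
    ip=$1 dev=$2 mark=${3:-0x1}
    is_ipv4 "$ip" || { echo "bad source address: $ip" >&2; return 1; }

    # 1. Only locally generated packets traverse OUTPUT, so a mark set
    #    here never lands on forwarded traffic.
    $IPT -t mangle -A OUTPUT -o "$dev" -j MARK --set-mark "$mark"

    # 2. POSTROUTING sees local and forwarded packets; the mark match
    #    limits the source rewrite to the packets tagged in step 1.
    $IPT -t nat -A POSTROUTING -o "$dev" -m mark --mark "$mark" \
        -j SNAT --to-source "$ip"
}

snat_local_only 192.0.2.10 eth0
```

If the box already uses firewall marks for policy routing or QoS, pick a mark value that does not collide with them.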


