RE: snat to multiple source ip


> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Marco Berizzi
> Sent: Tuesday, September 20, 2005 10:24 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: snat to multiple source ip
> 
> /dev/rob0 wrote:
> 
> > On Tuesday 20 September 2005 07:39, Marco Berizzi wrote:
> 
> > the source IP is set by
> > iproute2 in the routing tables.
> 
> OK, I did not explain clearly.
> I'm using SNAT to change the source IP address because 
> iproute2 sets an IP address that I don't like.
> So, I have inserted the following line in my firewall script:
> 
> iptables -t nat -I POSTROUTING -s iproute2_chosen_ip 
> --protocol tcp -j SNAT --to i_want_this_first_ip --to 
> i_want_this_second_ip
> 
> But every time I connect to the internet, 
> "i_want_this_first_ip" is always chosen to do the SNAT.

Uneducated, lazy guess: the SNAT target supports only one "--to [IP]"
and the command parser ignores the extraneous "--to [IP2]". You can test
this by switching the two IPs and seeing if you go out on a different
address.

Derick Anderson


