afshin lamei wrote:
> dear all, I've a linux box with iptables which is working in bridge
> mode. I want to change (NAT) the source IP of the outgoing packets,
> using:
> iptables -t nat -A POSTROUTING -s 192.168.100.100 -j SNAT --to-source 192.168.100.1
> the rule works correctly (source nat is done), but the client
> (192.168.100.100) does not receive any packet of the reply. sniffing the
> outgoing traffic shows that the next hop cannot find the client with
> translated IP (192.168.100.1). what should I do?

Create a static arp entry on the firewall for 192.168.100.1 so the packets can find their way back to the firewall. Remember, 192.168.100.1 does not "exist" so we have to fake it in order for the arp protocol to work.

HTH,
M4
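
A check for the condition described in the reply, added here as an example that is not part of the original thread: it lists every SNAT `--to-source` address that the firewall would not answer ARP for. The function names, the sample inputs and the reading of "static arp entry" as a published (proxy) entry as listed by `ip neigh show proxy` are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# Constructed sample of `iptables-save -t nat` output.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.100.100/32 -j SNAT --to-source 192.168.100.1
-A POSTROUTING -s 192.168.100.101/32 -j SNAT --to-source 192.168.100.254
COMMIT'
# Constructed sample of `ip -o -4 addr show` output (br0 is a hypothetical name).
SAMPLE_ADDRS='2: br0    inet 192.168.100.254/24 brd 192.168.100.255 scope global br0'
# Constructed sample of `ip neigh show proxy` output: nothing published yet.
SAMPLE_PROXY=''

# stdin: iptables-save text. Prints each SNAT target address once,
# keeping only the first address of a range and dropping any :port part.
snat_sources() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "--to-source") {
           a = $(i + 1); sub(/[-:].*/, "", a); print a } }' | sort -u
}

# $1: `ip -o -4 addr show` text, $2: `ip neigh show proxy` text.
# Prints every IPv4 address this host answers ARP for: addresses assigned
# to an interface plus addresses published as proxy ARP entries.
answerable() {
  {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "inet") {
                                  a = $(i + 1); sub(/\/.*/, "", a); print a } }'
    printf '%s\n' "$2" | awk 'NF { print $1 }'
  } | sort -u
}

# $1: rules, $2: addresses, $3: proxy entries.
# Prints SNAT addresses the next hop cannot resolve, which is the symptom
# in the question: replies for the translated address never come back.
unanswered_snat() {
  us_want=$(printf '%s\n' "$1" | snat_sources)
  us_have=$(answerable "$2" "$3")
  for us_ip in $us_want; do
    printf '%s\n' "$us_have" | grep -qxF "$us_ip" || printf '%s\n' "$us_ip"
  done
}

# On a live firewall (as root) the three arguments would come from:
#   "$(iptables-save -t nat)" "$(ip -o -4 addr show)" "$(ip neigh show proxy)"
unanswered_snat "$SAMPLE_RULES" "$SAMPLE_ADDRS" "$SAMPLE_PROXY"
```

An empty result means every translated source address is either assigned locally or published, so the next hop's ARP request for it gets an answer.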