On Fri, March 10, 2006 16:37, Leandro Silva wrote: > Hello Jorge ! > > Thanks for the response. > When i have a fixed ip i can use SNAT, but i have some dsl links with > dynamic ip so i can't use SNAT :-( > > Leandro If you have a ppp adapter you need MASQUERADE. If you have DSL with a static or "dynamic" (dynamically assigned, but it doesn't change) IP address on an eth interface you can still use SNAT. E.g. I have a DSL line which assignes a static IP address. I use SNAT. > ------- > Leandro: > > You need another rule to alter the source ip address of the outgoing packets. > > iptables -t nat -A POSTROUTING -o eth0 \ -j SNAT --to-source <server_address> > > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE You do *not* need both rules. Gr, Rob > El vie, 10-03-2006 a las 12:01 -0300, Leandro Silva escribió: >> I have the following rule in my firewall: >> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE And that's the >> only rule if postrouting chain. It's working fine but from time to >> time a packet leaves the server with the original ip and not with the >> server's. It's happening like 1 "wrong" packet for 100 or 200 ok. >> I've tried in other servers with same results and different >> "Mandrakes" ( 9.1, 10,1 and 2006.0 ). And different cpus ( p3, p4, >> amd, all with 512 mb ram ). >> Any ideias ? >> >> Thanks a lot >> Leandro
