> In attempting to use the MASQUERADE target for some traffic that is
> locally generated (as opposed to forwarded traffic) I found that the
> source IP address was not being changed even though the rule was
> clearly being used.

If a packet is MASQ-ed, it gets the source IP address from an interface on the firewall where it leaves from (to put it simply). When locally generated packets leave the firewall from the same interface as MASQ-ed packets do, they should already have the same source IP address, so why would you want to use MASQ?

I see no reason for locally generated packets to be MASQ-ed and I think the question is: what is it that you want to accomplish by MASQ-ing locally generated packets..?

Gr,
Rob