DNAT with original source address

I'm having problems with my e-mail server saying that every connection
originates from the NAT box. I checked it on my other Linux server and
sure enough even though I have 1:1 DNAT and a reverse SNAT configured,
packets destined for my server show the NAT box as the source. How do
you configure DNAT so that it keeps the original Internet address and
does not mangle it, only the destination address to my server on a
private subnet?

iptables -t nat -A PREROUTING -d 1.1.1.4 -j DNAT --to-destination 192.168.2.10
iptables -t nat -A POSTROUTING -s 192.168.2.10 -j SNAT --to-source 1.1.1.4

So the gateway's public address is 1.1.1.1 and the e-mail server is
1.1.1.4. The e-mail logs and ssh logins all show that every connection
is made from 1.1.1.1 even though the connections are made from the
Internet.

Thanks,
Robert LeBlanc


