Hello We have a lan with ips in private range Problem is described with a following pic ---------- ---------- | PC2 |-----| R2 | ---------- ---------- | | ---------- ---------- | R1 |--------| PC1 | ---------- ---------- | ---------- | ISP | ---------- R1 - router 1, linux R2 - router 2, ms windows 2000 PC1 - pc 1, ms windows XP PC1 - pc 1, ms windows 2000 when I'm trying to set SNAT on R1 for PC1 # iptables -t nat -A POSTROUTING -s $pc1 -j SNAT --to-source $ip_to_isp it works but when I'm trying to set SNAT for PC2 # iptables -t nat -A POSTROUTING -s $pc2 -j SNAT --to-source $ip_to_isp it fails tcpdump -nl -i $ISP_eth shows that R1 forwards packets from PC2 to outside world without NATing and in the same time packets from PC1 is NATed when i made # iptables -t filter -A FORWARD -s PC2 -j DROP it works, packets from PC2 is not going outside anymore i have tried to do SNAT with firewall rules flushed and policies set to ACCEPT the problem appeared again Thanks at advance