Re: "DNAT" w/o changing source address?


> Um, correct me if I'm wrong, but Destination NATing should not alter the 
> source IP address of the packet that is being NATed.
> 
> Honestly, I wonder how you are doing your DNATing and if you are not 
> also possibly unknowingly SNATing as well.

Hmm, well here are the rules I'm running.  The port forward:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -d $EXTIP -p tcp --dport 25 -j DNAT --to $MAILSERVER:25

And the SNAT for return traffic:

iptables -t nat -A POSTROUTING -d $MAILSERVER -j SNAT --to $EXTIP

...At least, I found that traffic wouldn't flow without this additional
rule.  Have I gotten something else fundamentally wrong here?

John



-- 
John Madden
Sr. UNIX Systems Engineer
Ivy Tech Community College of Indiana
jmadden@xxxxxxxxxxx
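
One way to check whether forwarded connections are also having their source address rewritten, given as an added example that is not part of the original message: compare the two tuples in each connection-tracking entry. The addresses and the function names sample_entries and classify_nat are constructed for illustration (198.51.100.7 as the client, 203.0.113.1 as $EXTIP, 192.168.1.25 as $MAILSERVER).

```shell
#!/bin/sh
# Constructed sample entries in the layout printed by `conntrack -L`.
# Each entry holds two tuples: the original direction as the packet
# arrived, then the reply direction the kernel expects to see.
#   entry 1: what the PREROUTING DNAT rule alone produces
#   entry 2: what DNAT plus the POSTROUTING SNAT rule produces
sample_entries() {
    cat <<'EOF'
tcp 6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.1 sport=40000 dport=25 src=192.168.1.25 dst=198.51.100.7 sport=25 dport=40000 [ASSURED] use=1
tcp 6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.1 sport=40001 dport=25 src=192.168.1.25 dst=203.0.113.1 sport=25 dport=40001 [ASSURED] use=1
EOF
}

# Read conntrack entries on stdin and report which kind of NAT each shows.
#   reply src != original dst  -> the destination was rewritten (DNAT)
#   reply dst != original src  -> the source was rewritten (SNAT)
classify_nat() {
    awk '
    {
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)      { n++; src[n] = substr($i, 5) }
            else if ($i ~ /^dst=/) { dst[n] = substr($i, 5) }
        }
        if (n < 2) next                # not a complete two-tuple entry
        dnat = (src[2] != dst[1])
        snat = (dst[2] != src[1])
        kind = "none"
        if (dnat && snat) kind = "DNAT+SNAT"
        else if (dnat)    kind = "DNAT"
        else if (snat)    kind = "SNAT"
        printf "%s -> %s : %s\n", src[1], dst[1], kind
    }'
}

sample_entries | classify_nat
```

An entry reported as DNAT+SNAT means the internal server sees the gateway's address as the peer instead of the real client, which is what its logs and any address-based filtering will then record.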
