> I have a tricky problem. I need a dual-homed Linux box, one NIC is
> connected to our network, the other NIC is connected to the customer
> network.
>
> Several users from us are logging in via our interface and are leaving
> the system on the customer's interface. BUT I need them to leave with
> different IP addresses (all in the same subnet).
>
> Is there some netfilter or virtual IP address magic to do this?

If your clients have distinct IP addresses, then maybe the NETMAP or SAME
targets will do what you want. The descriptions in iptables(8) aren't
entirely clear, but maybe they'll do it.

If you really want to do NAT based on user IDs, then vanilla iptables
can't do it. Except for packets that originate on localhost, the owner
of a packet is in general unknown. NuFW claims to solve this problem,
but it's complex.

Good luck,

Andrew.
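
An added example, not part of the original thread: the one case the reply says plain iptables can see an owner for, packets that originate on the box itself, matched by UID and source-NATed to a per-user address. The interface name, user names, addresses and prefix length are constructed assumptions, and the script only prints the commands for review.

```shell
#!/bin/sh
# Added example: per-user SNAT for connections opened on the gateway itself.
# The owner match only knows the UID of locally created sockets, so this does
# not apply to forwarded traffic. All names and addresses are constructed.

OUT_IF="eth1"    # assumption: customer-facing interface
PREFIX="24"      # assumption: customer subnet prefix length
# Constructed mapping: local login name -> source address
USER_MAP="alice:192.0.2.11
bob:192.0.2.12
carol:192.0.2.13"

# Accept only plain account names so nothing odd lands in a generated command.
valid_user() {
    case "$1" in
        ""|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
}

# Accept only dotted-quad IPv4 with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print (not run) the commands for each valid "user:address" line of $2.
gen_rules() {
    while IFS=: read -r user addr; do
        if ! valid_user "$user" || ! valid_ipv4 "$addr"; then
            echo "skipped: $user:$addr" >&2
            continue
        fi
        # The address must exist on the interface so the box answers ARP for it.
        echo "ip addr add $addr/$PREFIX dev $1"
        echo "iptables -t nat -A POSTROUTING -o $1 -m owner --uid-owner $user -j SNAT --to-source $addr"
    done <<EOF
$2
EOF
}

gen_rules "$OUT_IF" "$USER_MAP"
```

Rules placed in the nat table are consulted only for the first packet of a connection, so a changed mapping affects new connections only.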