http://iptables-tutorial.frozentux.net/iptables-tutorial.html

SNAT is only valid in POSTROUTING chain, DNAT - in PREROUTING.
These rules should be:

iptables -t nat -A PREROUTING -d $PUBIP -j DNAT --to-destination $VPNIP # for incoming traffic
iptables -t nat -A POSTROUTING -s $VPNIP -j SNAT --to-source $PUBIP # for outgoing traffic

-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of G. Skillen
Sent: Saturday, March 28, 2009 5:52 AM
To: jason.faulkner@xxxxxxxxxxxxx
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: Re: NAT and openvpn

> % iptables -t nat -A PREROUTING -s $VPNIP -j SNAT --to-source $PUBIP
> % iptables -t nat -A POSTROUTING -s $PUBIP -j DNAT --to-destination $VPNIP

Thanks for the reply ... when I try that I get:

mothership:~# iptables -t nat -A PREROUTING -s 10.8.0.2 -j SNAT --to-source <ip omitted>
iptables: Invalid argument

(same for the next line)

Any ideas?

--
G. Skillen <g@xxxxxxxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
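Added example, not part of the original thread: a small shell lint that catches the target/chain mismatch behind the "Invalid argument" error before a rule is loaded. The function names `allowed_chains` and `check_nat_rule` are hypothetical, and the chain table goes beyond the two cases named in the reply (it also covers MASQUERADE, REDIRECT, and the INPUT/OUTPUT chains as documented in iptables-extensions(8)).

```shell
#!/bin/sh
# Print the chains in which a NAT target may appear (per iptables-extensions(8));
# prints nothing for non-NAT targets.
allowed_chains() {
    case "$1" in
        SNAT)          echo "POSTROUTING INPUT" ;;  # INPUT: current kernels only
        MASQUERADE)    echo "POSTROUTING" ;;
        DNAT|REDIRECT) echo "PREROUTING OUTPUT" ;;
    esac
}

# check_nat_rule 'iptables -t nat -A CHAIN ... -j TARGET ...'
# Returns 0 = fine, 1 = target not valid in that chain, 2 = NAT target outside -t nat.
check_nat_rule() {
    table=filter chain='' target='' prev=''
    set -f                      # no globbing while we word-split the rule text
    for word in $1; do
        case "$prev" in
            -t|--table)              table=$word ;;
            -A|--append|-I|--insert) chain=$word ;;
            -j|--jump)               target=$word ;;
        esac
        prev=$word
    done
    set +f
    allowed=$(allowed_chains "$target")
    if [ -z "$allowed" ]; then return 0; fi
    if [ "$table" != nat ]; then
        echo "invalid: -j $target needs -t nat" >&2
        return 2
    fi
    case " $allowed " in
        *" $chain "*) return 0 ;;
    esac
    echo "invalid: $target in $chain (allowed: $allowed)" >&2
    return 1
}

# Constructed input: the four rule lines quoted in this thread.
while IFS= read -r rule; do
    if check_nat_rule "$rule"; then echo "ok: $rule"; fi
done <<'EOF'
iptables -t nat -A PREROUTING -s $VPNIP -j SNAT --to-source $PUBIP
iptables -t nat -A POSTROUTING -s $PUBIP -j DNAT --to-destination $VPNIP
iptables -t nat -A PREROUTING -d $PUBIP -j DNAT --to-destination $VPNIP
iptables -t nat -A POSTROUTING -s $VPNIP -j SNAT --to-source $PUBIP
EOF
```

The lint only reads rule text; it does not call iptables or touch the running ruleset.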