Hi!
Pascal Hambourg írta:
You don't need SNAT nor masquerade. It hides the real source address
from the server. You just need to add a proper route on the server so it
knows how to reach the client address via the router.
Besides, the SNAT rule proposed by Gaspar could not help because it
works on the external interface, while the missing route on the server
requires SNAT/MASQUERADE on the internal interface.
After reading back the whole conversation I found out that you are right! :D
I just thought that we have here an usual "gateway/firewall" scenario.
So you really only need SNAT/MASQUERADE on any interface (mostly on the
internet side) if your connected network (internet) does NOT knows
anything about the other side of your gateway (your LAN).
Swifty
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html