I have a custom proxy which is being used to direct traffic based on application layer data. The proxy receives connections from foreign addresses and then proxies them to applications running on the local machine--the same machine the proxy is running on.

The problem is that all the connections to applications appear to come from the proxy server's IP address instead of the originating foreign address. We need the source address to be the foreign address and tried to use SNAT to do it. But apparently SNAT doesn't work when the source and destination addresses are all on local interfaces.

When I do a tcpdump, I see that all the traffic that should be caught by the SNAT rule appears on the loopback interface. When I check the rule, no packets are caught by it.

Is there any way to get SNAT to work for local source and destination addresses? Or is this some sort of limitation imposed by the kernel or iptables?

Thanks,
Dave