On 17 March 2010 15:20, Angel Motta <angelmotta@xxxxxxxxx> wrote:
> When I apply this rule I did iptables-save and I see that NAT and I
> also see my rule with iptables -t nat -L, but the clients vpn still
> are connected to the Firewall with that public IP.

Existing connections prior to the rule being inserted will not be moved until they reestablish a new connection.

You can turn tracing on (iptables -t raw -A PREROUTING -j TRACE) and see if the rule is being met or not.

By the sound of it something isn't matching so you might want to try inserting a rule to log traffic - just use the same match criteria but use the log target rather than DNAT - if you see no log entries then the rule for some reason isn't quite right...

--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
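
Added example, not part of the original message: a shell helper that takes a DNAT rule as printed by `iptables-save` and emits the matching LOG rule with the same match criteria, as suggested in the reply. The sample rule, its addresses, the function name `dnat_to_log_rule` and the log prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: one DNAT rule in `iptables-save -t nat` format.
# Addresses and port are documentation placeholders, not from the thread.
SAMPLE_RULE='-A PREROUTING -d 203.0.113.10/32 -p udp -m udp --dport 1194 -j DNAT --to-destination 192.0.2.5:1194'

# dnat_to_log_rule RULE [PREFIX]   (hypothetical helper)
# Prints an iptables command that keeps RULE's chain and match criteria but
# uses the LOG target instead of DNAT. Returns 1 and prints nothing when
# RULE is not an appended DNAT rule.
dnat_to_log_rule() {
    rule=$1
    prefix=${2:-"dnat-debug: "}
    case $rule in
        "-A "*" -j DNAT "*) ;;
        *) return 1 ;;
    esac
    body=${rule#-A }                 # drop the leading "-A "
    head=${body%%" -j DNAT "*}       # chain name plus match criteria
    chain=${head%% *}
    if [ "$head" = "$chain" ]; then
        match=                       # rule had no match criteria at all
    else
        match="${head#* } "
    fi
    # -I <chain> 1 places LOG ahead of the DNAT rule: DNAT ends traversal
    # of the chain for a matching packet, LOG does not.
    # Only packets that start a new connection traverse the nat table, so
    # sessions established before the rule existed stay silent until they
    # reconnect.
    printf 'iptables -t nat -I %s 1 %s-j LOG --log-prefix "%s"\n' \
        "$chain" "$match" "$prefix"
}

# Show the derived command for the constructed sample rule.
dnat_to_log_rule "$SAMPLE_RULE"
```

The output is only printed, not executed; review it, run it as root, then watch the kernel log while a client reconnects.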