On Sat, Aug 7, 2010 at 13:44, J Webster <webster_jack@xxxxxxxxxxx> wrote:
> Well, it's more that the openvpn service is running on an IP of the server
> of xxx.xxx.xxx.199 (the server has 2 public IPs).
> I don't really understand why when the client connects, that a site like
> your ipecho below would report my IP as xxx.xxx.xxx.198

That's the source ip that netfilter gave to the MASQUERADEd connection as it passed through eth0. 198 is probably the primary ip for eth0 (eth0:0) and eth0:1 is 199, right? That is why connections leaving eth0 will default to a source address of 198. There may be exactly one default IP.

> omitting the port numbers?

You tell us.

man iptables[enter]/--to-source

I don't know why you'd care about the source port, but it's your box. I use --random on mine, because I'm just that way....

Nice job netfilter devs, on --persistent. I was too busy to notice that slip in.
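
Added example, not part of the original message: a dry-run script that swaps a MASQUERADE rule for an SNAT rule with `--to-source`, so VPN traffic leaves with the secondary address instead of the interface's primary one. The subnet, the documentation address and the exact form of the existing MASQUERADE rule are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. All values below are assumptions, not taken from the thread.
VPN_NET="10.8.0.0/24"     # assumed OpenVPN client subnet
OUT_IF="eth0"             # outbound interface, as named in the reply
SNAT_IP="203.0.113.199"   # documentation address standing in for the .199 alias

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Arguments that delete the MASQUERADE rule assumed to be in place today.
masq_delete_args() {
    echo "-t nat -D POSTROUTING -s $VPN_NET -o $OUT_IF -j MASQUERADE"
}

# Arguments of the SNAT rule that pins the source address.
# $1 = source address, $2 = optional --random or --persistent.
snat_args() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 1; }
    case "${2:-}" in
        ''|--random|--persistent) ;;
        *) echo "unsupported option: $2" >&2; return 1 ;;
    esac
    echo "-t nat -A POSTROUTING -s $VPN_NET -o $OUT_IF -j SNAT --to-source $1${2:+ $2}"
}

# Dry run unless APPLY=1 (needs root): drop MASQUERADE, then add SNAT.
new_rule=$(snat_args "$SNAT_IP") || exit 1
for args in "$(masq_delete_args)" "$new_rule"; do
    if [ "${APPLY:-0}" = 1 ]; then iptables $args; else echo "iptables $args"; fi
done
```

Without a port range after the address, `--to-source` leaves source-port handling to netfilter, which is the "omitting the port numbers" case asked about.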