I have a Linux router with a WAN/VPN interface (tun0) and a LAN/bridge (br0). The SVI address on the bridge is 172.21.0.1/28. The Linux machine doesn't do any masquerading, so all the traffic from machines connected to the br0 interface contains its original address. All traffic from the Linux router itself, sent over the VPN, has the source address of tun0, of course.

Is it possible to SNAT all traffic sent over the VPN to have a source IP of the bridge SVI? Something like:

`iptables -t nat -A OUTPUT -o tun0 -j SNAT --to 172.21.0.1`

`iptables -t nat -A POSTROUTING -o tun0 -j SNAT --to 172.21.0.1`

works, but it will also masquerade all traffic forwarded from the bridge (br0) interface.

Is this possible with netfilter? Or even possible with Linux?
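One way to restrict the SNAT to the router's own traffic, as an added example that is not part of the original post: SNAT is only accepted in the nat POSTROUTING (and INPUT) chain, so the rule stays there, and the `addrtype` match (`-m addrtype --src-type LOCAL`) selects only packets whose source address is a local address of the router, which is exactly the locally generated traffic; packets forwarded from br0 hosts carry their own 172.21.0.x source and do not match. The interface names and address are taken from the question; the helper names and the VPN_IF/SVI_ADDR variables are my own.

```sh
#!/bin/sh
# Added example; not from the original post. Assumes tun0/br0 and the
# 172.21.0.1/28 SVI from the question and an iptables with xt_addrtype.
set -eu

VPN_IF="${VPN_IF:-tun0}"
SVI_ADDR="${SVI_ADDR:-172.21.0.1}"

# Rule from the question, kept for comparison: it rewrites every packet that
# leaves the VPN interface, including traffic forwarded from the bridge.
snat_all_rule() {
    printf '%s\n' "-t nat -A POSTROUTING -o $1 -j SNAT --to-source $2"
}

# Corrected rule: only packets with a LOCAL source address (i.e. generated by
# the router itself) are rewritten; forwarded 172.21.0.x/28 traffic is left
# alone because its source is not a local address of this host.
snat_local_rule() {
    printf '%s\n' "-t nat -A POSTROUTING -o $1 -m addrtype --src-type LOCAL -j SNAT --to-source $2"
}

apply_rules() {
    # Word splitting of the generated rule is intended here.
    # shellcheck disable=SC2046
    iptables $(snat_local_rule "$VPN_IF" "$SVI_ADDR")
    # Check afterwards: the packet counter on this rule should only grow for
    # router-originated traffic, never for traffic forwarded from br0.
    iptables -t nat -L POSTROUTING -v -n
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     echo "Dry run (pass 'apply' as root to install):"
           echo "iptables $(snat_local_rule "$VPN_IF" "$SVI_ADDR")" ;;
esac
```

Because the address given to `--to-source` is itself local, traffic the router already sends from 172.21.0.1 matches too, but rewriting it to the same address is a no-op.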