On Thu, 2012-03-08 at 10:16 -0500, nullv@xxxxxxx wrote:
> Hi,
>
> I have the following rules on my router/gateway:
>
> *nat
> :PREROUTING ACCEPT
> :INPUT ACCEPT
> :OUTPUT ACCEPT
> :POSTROUTING ACCEPT
> -A POSTROUTING -d 93.186.25.52/32 -m comment --comment "bb" -j SNAT --to-source 41.94.39.49-41.94.39.51
> -A POSTROUTING -s 10.0.0.0/8 -p tcp -m tcp --dport 53 -m comment
> --comment "domain" o eth0 -j SNAT --to-source 41.94.39.49-41.94.39.51
                     ^^^^
Is this what you really have? Or is it a typo in your email?
Obviously it should be "-o" not "o"

> -A POSTROUTING -s 10.0.0.3/32 -j o eth0 -j SNAT --to-source
> 41.94.39.49-41.94.39.51

Have you tried removing all the other SNAT lines apart from this one?
And also seeing if this is definitely matching by setting a LOG target first?

<snip>

> -A FORWARD -j REJECT --reject-with icmp-host-prohibited

Does it work if you remove this line?

Everything else looks fine to me, assuming that all your IP addresses etc. are correct.

Andy
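
Added example, not part of the original message or of netfilter itself: a small Python check for the two mistakes pointed out in the reply above (a short option that lost its dash, and a second `-j` in one rule), run over the quoted rules. It assumes every option takes exactly one value, which holds for the options in those rules; the names `lint_rule`, `SHORT_OPTS` and `RULES` are hypothetical.

```python
import shlex

# Short iptables option letters whose leading dash is easy to drop.
SHORT_OPTS = {"i", "o", "s", "d", "p", "j", "m"}

def lint_rule(line):
    """Return a list of problems found in one '-A CHAIN ...' rule line.
    Assumption (true for the quoted rules, not for every iptables
    extension): each option is followed by exactly one value."""
    problems = []
    tokens = shlex.split(line)          # keeps a "quoted comment" as one token
    jumps = 0
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":                  # negation marker that precedes an option
            i += 1
            continue
        if not tok.startswith("-"):     # an option was expected here
            hint = f" (did you mean '-{tok}'?)" if tok in SHORT_OPTS else ""
            problems.append(f"stray token '{tok}' where an option was expected{hint}")
            i += 1
            continue
        if tok == "-j":
            jumps += 1
        value = tokens[i + 1] if i + 1 < len(tokens) else None
        if value is None or value.startswith("-"):
            problems.append(f"option '{tok}' has no value")
            i += 1
            continue
        if tok == "-j" and value in SHORT_OPTS:
            problems.append(f"'-j {value}': target looks like an option missing its dash")
        i += 2
    if jumps > 1:
        problems.append(f"{jumps} '-j' targets in one rule")
    return problems

# The rules from the quoted message, with wrapped lines joined back together.
RULES = [
    '-A POSTROUTING -d 93.186.25.52/32 -m comment --comment "bb" -j SNAT --to-source 41.94.39.49-41.94.39.51',
    '-A POSTROUTING -s 10.0.0.0/8 -p tcp -m tcp --dport 53 -m comment --comment "domain" o eth0 -j SNAT --to-source 41.94.39.49-41.94.39.51',
    '-A POSTROUTING -s 10.0.0.3/32 -j o eth0 -j SNAT --to-source 41.94.39.49-41.94.39.51',
    '-A FORWARD -j REJECT --reject-with icmp-host-prohibited',
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule, *lint_rule(rule), sep="\n  ")
```

Rules that come straight out of `iptables-save` on a running system have already been parsed by the kernel interface, so a check like this is mainly useful on hand-edited rule files or rules pasted into an e-mail.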