On Sun, 2012-07-01 at 16:35 +0300, Valts Silaputnins wrote: <snip> > However the source address was still wrong. Ok so I tried to fix that by > adding SNAT to POSTROUTING chain. Only to realize that for some reason > those packets don't hit it (checked by -j TRACE...). What are your rules for this? As long as the packets are actually hitting that chain then I don't see why they wouldn't be sent to the SNAT target. > So I started googling for reasons for this problem, however results seem > to condradict each other, some say it (well for tcp I suppose) works > fine, some say SNAT for OUTPUT doesn't work at all. I don't see why it should be a problem, but you have to use SNAT in the POSTROUTING chain not OUTPUT. From the man page: SNAT This target is only valid in the nat table, in the POSTROUTING chain. Andy -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
