Hi all,

I have a firewall with 3 physical NICs (LAN, WAN, DMZ). I have 8 public IPs I can use on the WAN NIC (eth0), so I configured some aliases on eth0:

    eth0     x.x.x.234       Mask:255.255.255.248
    eth0:0   x.x.x.235       Mask:255.255.255.248
    eth0:1   x.x.x.237       Mask:255.255.255.248
    eth0:2   x.x.x.238       Mask:255.255.255.248
    eth1     10.0.0.254      Bcast:10.0.0.255      Mask:255.255.255.0
    eth2     192.168.1.254   Bcast:192.168.1.255   Mask:255.255.255.0

I have added this iptables rule, which works like a charm:

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source x.x.x.234

Both my LAN (eth2) and my DMZ (eth1) surf the internet with the physical IP.

Now I need one host, 192.168.1.201, to be "masqueraded" with x.x.x.238, so I add the rule ABOVE the first one:

    iptables -t nat -A POSTROUTING -s 192.168.1.201 -o eth0 -j SNAT --to-source x.x.x.238

The issue is that 192.168.1.201 keeps using the physical IP x.x.x.234 and not x.x.x.238.

Any hints?

Thanks,
Paolo
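Added example, not part of the original post: a chain in the nat table applies the first rule that matches, and `-A` appends a rule to the end of the chain, so the position of a host-specific SNAT rule decides whether it is ever reached. The script below evaluates constructed `iptables -t nat -S POSTROUTING` listings built from the two rules in the post; `first_snat` is a hypothetical helper that understands only `-s`, `-o` and `-j SNAT --to-source`.

```shell
#!/bin/sh
# Constructed `iptables -t nat -S POSTROUTING` listing for the two rules in
# the post, in the order two successive -A (append) commands leave them.
RULES_APPENDED='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j SNAT --to-source x.x.x.234
-A POSTROUTING -s 192.168.1.201/32 -o eth0 -j SNAT --to-source x.x.x.238'

# Same rules with the host-specific one first (e.g. added with -I, not -A).
RULES_SPECIFIC_FIRST='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.201/32 -o eth0 -j SNAT --to-source x.x.x.238
-A POSTROUTING -o eth0 -j SNAT --to-source x.x.x.234'

# first_snat RULES SRC_IP OUT_IF
# Prints the --to-source of the first SNAT rule that matches, or "none".
# Hypothetical helper (assumption): no negation, ports or protocol matches.
first_snat() {
    printf '%s\n' "$1" | awk -v src="$2" -v oif="$3" '
    function ip2int(ip,   p) {
        split(ip, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    function in_net(ip, cidr,   c, bits, size) {
        split(cidr, c, "/")
        bits = (c[2] == "") ? 32 : c[2]
        size = 2 ^ (32 - bits)            # number of addresses in the prefix
        return int(ip2int(ip) / size) == int(ip2int(c[1]) / size)
    }
    $1 == "-A" {
        s = ""; o = ""; target = ""; to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") s = $(i + 1)
            else if ($i == "-o") o = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-source") to = $(i + 1)
        }
        if (target != "SNAT") next
        if (s != "" && !in_net(src, s)) next   # source does not match
        if (o != "" && o != oif) next          # wrong outgoing interface
        print to; found = 1; exit              # first match wins
    }
    END { if (!found) print "none" }'
}

echo "appended order:       $(first_snat "$RULES_APPENDED" 192.168.1.201 eth0)"
echo "specific rule first:  $(first_snat "$RULES_SPECIFIC_FIRST" 192.168.1.201 eth0)"
```

On a live firewall the listing would come from `iptables -t nat -S POSTROUTING`; NAT decisions are made for the first packet of a connection, so already-established connections keep their existing mapping after a rule change.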