> Never ever had netfilter NAT fail on me.
>
> But if your intercepting router is running in "lollipop" mode (just one
> interface, next hop router on same interface as client station) then you
> may need disabling ICMP redirects.

I have 2 interfaces on that router, it is set up as follows:

[Customers]---DS3[Cisco 7206]Fa2/0------|
----------------------------------------------------------
|------eth1[BOX 'mainbr' is bridge iface with ip]eth0----|
----------------------------------------------------------
|------[Switched network including link to internet]

Relatively simple setup. Sorry if that is difficult to understand.

Jon

--
Jon Newman (jnewman@xxxxxxxxxx)
Systems Administrator/Software Engineer
The Optimal Link (http://www.oplink.net)