Outgoing NAT problem.

Tue Jul 5 17:00:47 CEST 2005

On Tuesday 05 July 2005 09:50, Carlos Cruells wrote:
> iptables -t nat -A POSTROUTING -s -o eth1 -j SNAT --to

If a packet has a source IP of and is routed out the eth1 
interface, rewrite the source IP to

> When I do a simple ping test from LAN --> Internet, it fails, but if

Don't do it from anywhere on the LAN. Only do it from It 
won't work from any other IP. Perhaps you wanted to use a different 
source specification, like "-s" or "-s"?

> I repeat the same test from firewall, it does ok.
> IP_LAN -------(ping)--------> IP www.cisco.com = Not OK
> Firewall -------(ping)--------> IP www.cisco.com = OK

DNS might also be a factor. Only the firewall machine and 
would be able to get out to any external resolvers with that rule.
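
Added example, not part of the original message: a small Python model of how the `-s` and `-o` matches in a POSTROUTING SNAT rule decide which LAN hosts get their source address rewritten, comparing a single-host source with a subnet source. All addresses are constructed sample values (the thread's own addresses are not available), and the helper names are hypothetical.

```python
import ipaddress
import shlex

# Option spellings this model understands, mapped to a field name.
FLAGS = {"-s": "source", "--source": "source",
         "-o": "out_if", "--out-interface": "out_if",
         "--to": "to", "--to-source": "to"}

def parse_snat_rule(rule):
    """Pull the source match, output interface and SNAT address out of a rule string.
    Negated matches ("!") and hostnames in -s are not modelled."""
    tokens = shlex.split(rule)
    fields = {"source": None, "out_if": None, "to": None}
    for i, tok in enumerate(tokens[:-1]):
        if tok in FLAGS:
            fields[FLAGS[tok]] = tokens[i + 1]
    return fields

def rule_matches(fields, src_ip, out_if):
    """True if a packet with this source IP, routed out out_if, hits the rule."""
    if fields["out_if"] and fields["out_if"] != out_if:
        return False
    if fields["source"] is None:  # no -s given: any source address matches
        return True
    # A bare address is treated as a /32, i.e. exactly one host.
    net = ipaddress.ip_network(fields["source"], strict=False)
    return ipaddress.ip_address(src_ip) in net

def snat_report(rule, hosts, out_if="eth1"):
    """Map each host to whether the rule would SNAT its outgoing packets."""
    fields = parse_snat_rule(rule)
    return {h: rule_matches(fields, h, out_if) for h in hosts}

# Constructed sample data: three LAN hosts and one public address.
LAN_HOSTS = ["192.168.1.10", "192.168.1.20", "192.168.1.30"]
HOST_RULE = ("iptables -t nat -A POSTROUTING -s 192.168.1.10 "
             "-o eth1 -j SNAT --to 203.0.113.5")
NET_RULE = ("iptables -t nat -A POSTROUTING -s 192.168.1.0/24 "
            "-o eth1 -j SNAT --to 203.0.113.5")

if __name__ == "__main__":
    for label, rule in (("single host", HOST_RULE), ("subnet", NET_RULE)):
        print(label)
        for host, hit in snat_report(rule, LAN_HOSTS).items():
            print(f"  {host}: {'SNAT applied' if hit else 'not translated'}")
```
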
