only SNAT packets originating from local?
curby .
curby.public at gmail.com
Tue Sep 6 22:39:01 CEST 2005
(forgot to CC the list the first time I sent this)
On 9/2/05, Christian Bricart <christian at bricart.de> wrote:
> is there a simple way to do SNAT for packets that originate from the
> router itself?
Try using something like the following:
iptables -t nat -A OUTPUT -j SNAT --to-source $EXTDEV_SNATIP
Of course, this is oftentimes not necessary, but it might be if you
have *multiple* external-facing static IPs from which you want to set
one for outbound traffic.
Off-topic musing: It might also be strange if you have two static IPs
A and B with sshd listening to port 22 on both of them. Someone
connects to B, but you SNAT the reply out of A, and the client gets
confused and drops the reply.
--Curby
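
An added example, not part of the original message: one way to limit SNAT to traffic generated on the router itself is to mark packets in the mangle OUTPUT chain, which forwarded packets never traverse, and SNAT only marked packets in nat POSTROUTING, a chain where the SNAT target is accepted. The interface name, the address and the mark value 0x1 are assumptions; the function only prints the rules so they can be reviewed before being applied.

```shell
# Added example: print iptables rules that SNAT only router-originated packets.
# Interface, address and mark value are assumptions, not values from the thread.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the two rules; review them, then pipe the output to "sh" as root.
#   $1 = external interface, $2 = source address to use, $3 = fwmark (default 0x1)
# Arguments are validated because the output is meant to be executed.
snat_local_rules() {
    extdev=$1; snatip=$2; mark=${3:-0x1}
    case "$extdev" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface: $extdev" >&2; return 1 ;;
    esac
    case "$mark" in
        ""|*[!0-9a-fA-Fx]*) echo "bad mark: $mark" >&2; return 1 ;;
    esac
    valid_ipv4 "$snatip" || { echo "bad address: $snatip" >&2; return 1; }
    # Locally generated packets pass through mangle OUTPUT; forwarded ones do not.
    echo "iptables -t mangle -A OUTPUT -o $extdev -j MARK --set-mark $mark"
    # Rewrite the source address only for packets carrying that mark.
    echo "iptables -t nat -A POSTROUTING -o $extdev -m mark --mark $mark -j SNAT --to-source $snatip"
}
```

For example, `snat_local_rules eth0 192.0.2.10` prints the rule pair for a constructed interface and documentation-range address.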