From: Greg Cope
To: Jason Opperisano, netfilter@lists.netfilter.org
Subject: Re: How to Get a DMZ hosts's trafic routed via a particular IP address on a firewall - NOW solved
Date: Fri, 6 May 2005 15:57:39 +0100
References: <20050505213458.GA24884@bender.817west.com> <20050506144027.GA27512@bender.817west.com>
In-Reply-To: <20050506144027.GA27512@bender.817west.com>

> not even...bill joy?

Hum...

> remember the part where i said, "make sure the 2nd rule comes *before*
> any outbound SNAT/MASQ rule that is less specific"...i do--man, those
> were good times.

> anyways, since you match all 192.168.0.0/16 traffic with the MASQ rule,
> the SNAT rule for 192.168.254.3 will never be matched.
>
> translation: put the dang SNAT rule for the mail server first.
>

Ah - thanks - I am SURE I tried that.....

Anyway this now works with:

$IPTABLES -t nat -A POSTROUTING -o ${INET_IFACE} -s $DMZ_MAIL_IP -p tcp --dport 25 -j SNAT --to-source $MAIL_INET_ALIAS

Many, many, many thanks.

Greg

> -j
>
> --
> "Lois: I'll be just like Hillary Clinton, only you know, without the
> penis."
> --Family Guy
>
>
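
The ordering problem discussed in this thread can be checked mechanically. The following is an added example, not code from either poster: it reads rules in `iptables -t nat -S POSTROUTING` format and reports any rule that can never match because an earlier, broader NAT rule already catches its traffic. The interface name eth0 and the address 203.0.113.10 are constructed sample values, and the parser assumes IPv4 rules without negated ("!") matches.

```python
import ipaddress
import shlex

# Targets that end traversal of the nat POSTROUTING chain for a matching packet.
TERMINATING = {"SNAT", "MASQUERADE", "ACCEPT"}

def parse_rule(line):
    """Extract the match fields this check needs from one `iptables -S` line."""
    tok = shlex.split(line)
    opts = {"-s": "0.0.0.0/0", "-o": None, "-p": None, "--dport": None, "-j": None}
    for i, t in enumerate(tok[:-1]):
        if t in opts:
            opts[t] = tok[i + 1]
    return {"src": ipaddress.ip_network(opts["-s"], strict=False),
            "out": opts["-o"], "proto": opts["-p"],
            "dport": opts["--dport"], "target": opts["-j"]}

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (b["src"].subnet_of(a["src"])
            and a["out"] in (None, b["out"])
            and a["proto"] in (None, b["proto"])
            and a["dport"] in (None, b["dport"]))

def shadowed_rules(lines):
    """Return (shadowed_index, shadowing_index) pairs, 0-based, in chain order."""
    rules = [parse_rule(l) for l in lines]
    hits = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i]["target"] in TERMINATING and covers(rules[i], later):
                hits.append((j, i))
                break  # the first earlier match is the one that wins
    return hits

# Constructed sample: the broad MASQUERADE rule sits ahead of the mail SNAT rule.
BROKEN = [
    "-A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE",
    "-A POSTROUTING -s 192.168.254.3/32 -o eth0 -p tcp -m tcp --dport 25 "
    "-j SNAT --to-source 203.0.113.10",
]
# Same rules with the specific SNAT rule first, as advised in the thread.
FIXED = list(reversed(BROKEN))

if __name__ == "__main__":
    for name, chain in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        for shadowed, by in shadowed_rules(chain):
            print(f"{name}: rule {shadowed + 1} is never reached; rule {by + 1} matches first")
        if not shadowed_rules(chain):
            print(f"{name}: no shadowed rules")
```

To audit a live firewall, pass the lines printed by `iptables -t nat -S POSTROUTING` (minus the leading `-P` policy line) to shadowed_rules().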