From: Cedric Blancher
Subject: Re: Not quite understanding DNAT
Date: 25 Jul 2003 12:10:52 +0200
Message-ID: <1059127851.1020.45.camel@elendil.intranet.cartel-securite.net>
To: Chris Wilson
Cc: Coutts@elendil.intranet.cartel-securite.net, "Ashe (Testing Account)", netfilter@lists.netfilter.org

On Fri 25/07/2003 at 11:47, Chris Wilson wrote:
> You could try:
> route add dev eth0 \
> gw
> Using an address of your own box as the gateway of a route will cause
> locally-generated traffic going down that route to come from that address,
> instead of the default address on the device. This should mean that the
> masquerading uses that address too, but I haven't tested it.

I've just tested this, it does not work as I was expecting.

Therefore, you can use iproute2 to achieve this kind of behaviour. You
can specify to use an arbitrary local IP as source for a given route.

Ashe, you should try this:

    ip route add $INSERV dev eth0 src $SRCIP

I use this quite often on net2net VPN using FreeS/WAN to force gateways
to use their private IP when communicating through the tunnel.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
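
A way to confirm that the "src" route from the message above took effect, as an added example that is not part of the original message: it reads the source address the kernel reports in `ip route get` output and compares it with the intended one. The addresses, the sample output lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not taken from the original post).
INSERV=192.0.2.10    # remote server the route points at
SRCIP=10.1.1.1       # local address that should be used as the source

# Add the route exactly as in the message (needs root; not called here).
apply_src_route() {
    ip route add "$1" dev "$2" src "$3"
}

# Print the value following "src" in `ip route get` output read from stdin.
route_src() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "src") { print $(i + 1); exit } }'
}

# Return 0 when traffic to $1 would be sourced from $2.
# $3 is optional pre-captured `ip route get` output, so the check can be
# run offline; without it the live routing table is queried.
check_src() {
    dest=$1
    want=$2
    out=${3:-$(ip -o route get "$dest" 2>/dev/null)}
    got=$(printf '%s\n' "$out" | route_src)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed samples of `ip -o route get 192.0.2.10` output:
# before the route is added (default address on eth0) and after.
SAMPLE_BEFORE='192.0.2.10 dev eth0 src 203.0.113.5 uid 0'
SAMPLE_AFTER='192.0.2.10 dev eth0 src 10.1.1.1 uid 0'

for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    if check_src "$INSERV" "$SRCIP" "$sample"; then
        echo "OK:       $sample"
    else
        echo "MISMATCH: $sample (expected src $SRCIP)"
    fi
done
```

On a live gateway, call `check_src "$INSERV" "$SRCIP"` without the third argument after adding the route. The `src` value only applies to locally generated traffic whose socket is not already bound to an address.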