-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Juergen,
The OUTPUT nat chain is only able to dnat.
Now that you mention this I think I remember the point: OUPUT is not the place to do it - you were right with POSTROUTING - I had a look on the configuration on my server - the relevant part looks like this: Chain POSTROUTING (policy ACCEPT) [...] SNAT tcp -- web_max.intern !vservers.intern/24 to:ip1 SNAT udp -- vservers.intern/24 !vservers.intern/24 to:ip2 SNAT tcp -- vservers.intern/24 !vservers.intern/24 to:ip2 SNAT icmp -- vservers.intern/24 !vservers.intern/24 to:ip2 I haven't ever tried it with MASQUERADE, but the configuration mentioned here works.... Hope you will find a solution soon ;-) Baltasar -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFDjLsTp2YsmzTbIwYRAit+AKCl0rrbDFst3/SSY1UiqsOp1EgekgCgyZUH WRyOY0i+sNDdt6hXK7+7wY0= =IIkd -----END PGP SIGNATURE----- _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
