11 Jul
2006
11 Jul
'06
10:52 a.m.
On Tue, Jul 11, 2006 at 11:41:14AM +0200, Jan Engelhardt wrote:
REDIRECT functionality does work upstream, but TCP source address spoofing can only be achieved with iptables SNAT.
SNAT in -t nat -A OUTPUT does not seem to work AFAICR, so you need at least two boxes to implement the SNAT, right?
We do it in POSTROUTING and that seems to work fine? cheers, Lennert