> >REDIRECT functionality does work upstream, but TCP source address >spoofing can only be achieved with iptables SNAT. SNAT in -t nat -A OUTPUT does not seem to work AFAICR, so you need at least two boxes to implement the SNAT, right? Jan Engelhardt --