Hi Patrick,

Patrick McHardy wrote:
> Ingo Oeser wrote:
> > Patrick McHardy wrote:
> >
> >>My guess is that you're using MASQUERADE on ppp0, which since 2.6.14
> >>doesn't exclude locally generated packets anymore, so it translates
> >>them to the primary ppp0 address. For replies it works because NAT
> >>is already set up for the incoming packet, without masquerading.
> >
> >
> > Your guess is right! Thanks for that hint. Do you have any idea, how to
> > restore the old behavior?
> >
> > I have to, because the ISP cannot assign a different local address
> > and have problems with the new behavior, because that IP address is an MX entry
> > and the VPN gateway address for several third party vendor tunnels.
> > So changing that is quite an effort.
>
>
> Since these packets already have the proper source address chosen
> by routing, there is no need to NAT them anymore. So the easiest
> fix is to exclude them manually from masquerading based on the
> address.

Just did that (iptables -t nat -I POSTROUTING -s $SRCADDR -o ppp0 -j ACCEPT)
and it works without any problems.

Many thanks for your very fast help! I'm very happy now :-)

Do you know any good place, where this can be documented?

Best regards

Ingo Oeser
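
The exclusion in the thread works because `-I` puts the ACCEPT rule at the top of POSTROUTING, ahead of MASQUERADE; the same rule added with `-A` would sit after it and never match. The following is an added example, not part of the original mail: a check of that ordering over `iptables -t nat -S POSTROUTING` output. The function names, the sample listings and the address 192.0.2.10 (standing in for `$SRCADDR`) are constructed, and only plain, non-negated `-s`/`-o` matches are handled.

```shell
#!/bin/sh
# Constructed listings in `iptables -t nat -S POSTROUTING` format.
sample_inserted() {   # state after the -I command from the mail
cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.0.2.10/32 -o ppp0 -j ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
EOF
}
sample_appended() {   # same rule added with -A instead of -I
cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.0.2.10/32 -o ppp0 -j ACCEPT
EOF
}

# masq_exclusion_order SRC IFACE   (rule listing on stdin)
# Prints: ok | too-late | missing | no-masquerade
# Rules are evaluated top to bottom and the first terminating match wins,
# so the ACCEPT exclusion must come before the unrestricted MASQUERADE rule.
masq_exclusion_order() {
    awk -v src="$1" -v ifc="$2" '
    $1 == "-A" && $2 == "POSTROUTING" {
        s = ""; o = ""; j = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") s = $(i + 1)
            if ($i == "-o") o = $(i + 1)
            if ($i == "-j") j = $(i + 1)
        }
        sub(/\/32$/, "", s)      # -S prints a host address as a.b.c.d/32
        n++
        if (o == ifc && j == "ACCEPT" && s == src && !acc) acc = n
        if (o == ifc && j == "MASQUERADE" && s == "" && !masq) masq = n
    }
    END {
        if (!masq)           print "no-masquerade"
        else if (!acc)       print "missing"
        else if (acc < masq) print "ok"
        else                 print "too-late"
    }'
}

sample_inserted | masq_exclusion_order 192.0.2.10 ppp0
sample_appended | masq_exclusion_order 192.0.2.10 ppp0
```

On a live system the listing would come from `iptables -t nat -S POSTROUTING` piped into the function.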