I have a eth0(LAN) with 10.0.0.0/24 > a eth1(Internet) with 1.2.3.114/30 > a eth2 (DMZ) with 1.2.3.126/28
> > > > iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE > > > > iptables -A PREROUTING -t nat -d 1.2.3.118 -j DNAT --to 10.0.0.15 > I want to acces Internet with 1.2.3.114 and i want to have a machine which > is actually in my lan to be accessible to internet via a public ip. Insteade of iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE try iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 --jump SNAT --to-source 1.2.3.114 This means packets going out from eth1 with source 10.0.0.0/24 will have source address of 1.2.3.114. Normally MASQUERADE should also work, but I have never used it. Can you also give the output from netstat -nr ? Best regards. Erdal MUTLU
