Ooops...forwarding a copy of my reply to the list... -Martin - - - - - - - Hello Anton, : Is there any problems when Policy and SNAT. : It is not working as i wonna. Well, it depends a great deal on how you use policy routing and SNAT. Generally, I have had fabulous luck with it. Another person on the list recently found some problems with his SMP kernel 2.4.18 (a little older) with MASQUERADING and SNAT/DNAT, so maybe you have troubles, but it is less likely if you are using a garden-variety scenario. : My main table has Default gateway : I has second table, with different default gateway Common way to do things. : Packet, that comes from my internal network is routed via man table. In : POSTROUTING i SNAT it befind IP, that must be routed via second table. !!POSTROUTING!! happens after routing. So, select the packet for routing in the second table before it gets SNATted. See also: http://linux-ip.net/html/adv-multi-internet.html#adv-multi-internet-inbound http://mailman.ds9a.nl/pipermail/lartc/2003q1/007736.html http://lists.netfilter.org/pipermail/netfilter/2001-May/011697.html : But packet leaves thru first. Any Ideas? !!POSTROUTING!! happens after routing. -Martin -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/