[wellylug] iptables

[Jamie Baddeley]

Hi,

I'm trying to do some nat for my hosts on the Lan side. It's simple, I
want to snat any lan hosts to my exterior address. In this case the
exterior address is actually a vtun tunnel (i.e a device tun0)

I'm using this:

iptables -t nat -A POSTROUTING -o tun0  -s 192.168.91.0/24 -j SNAT --to-source 203.96.174.134	

and I've also tried this:

iptables -t nat -A POSTROUTING -s 192.168.91.0/24 -o tun0 -j MASQUERADE

But, based on looking at the output of tcpdump, things are not working -
no NAT happening.  I'm stuffed if I know why. The only thing I can think
of is that the tun0 interface for some reason is not actually positioned
postrouting as far as iptables is concerned...

Has anyone seen this? Or is there another way to make iptables do the
right thing?

I'm stumped.

Cheers

jamie