Salim S I wrote: > How about conn-marking the (NEW state)packets in POSTROUTING? > Would probably need to use conntrack ESTABLISHED,DNAT and ROUTE directive for packets coming from LAN to make sure packet goes out from the same interface it came on. Mohan