> also, as MASQUERADE alternative, maybe it could work better with SNAT ? > (using ip of output device, instead physdev) > > > iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT -to-source > X.X.X.X(replace by ip of the output device) That behaves quite the same.