[PATCH] iptables gateway match

Henrik Nordstrom henrik at henriknordstrom.net
Sat Jun 2 13:38:43 CEST 2007


On Fri 2007-06-01 at 17:47 +0100, Amin Azez wrote:
> This adds a gateway match to iptables that lets you match against the
> routed ipv4 gateway, it's very useful for SNAT if you want to avoid
> replicating your routing in your SNAT table.
> 
> e.g.
> 
> iptables -t nat -A POSTROUTING -m gateway --nexthop 172.16.1.1 -j SNAT
> --to-address 172.16.1.5
> iptables -t nat -A POSTROUTING -m gateway --nexthop 192.168.1.1 -j SNAT
> --to-address 192.168.1.25

Cool. Been needing something like this many times in complex
environments with multiple links needing NAT based on the link and not
source/destination. Helps keep the NAT table nice and clean with a
direct mapping to the network infrastructure rather than addresses.

Regards
Henrik


More information about the netfilter-devel mailing list