ipnatctl: exclude addresses

Harry Holt hholt@home.com
Thu, 23 Sep 1999 01:43:58 -0400


At 02:20 PM 9/23/1999 +1000, Horms wrote:
>Hi,
>  I am looking to use ipnatctl to redirect port 80 traffic to port
>8080 on a proxy server. So I put in a rule along the lines of:
>
>/sbin/ipnatctl -I -p tcp -d 0.0.0.0/0 --dport 80 -b dest -t 10.21.64.19
--to-port 8080
>
>Problem is that the proxy servers outbound traffic has to 
>travel though this router too and this rule will
>basically redirect the proxy's retrieval attempts back to
>itself. Right?
>
>Is there a way to exclude some hosts from the NAT, possibly
>by looking at the source interface?
>
>As it happens in this case the address which the proxy server sits on
>will be masqueraded using:
>
>/sbin/ipnatctl -I -s 192.168.8.0/24 -b source -m masquerade
>
>Perhaps a noop mapping should exist.
>
>--
>Horms
>

What happens if you also do:

ipnatctl -I -p tcp -s 10.21.64.19/36 -b dest

??
... HH