Static DNAT.. An easier way?

Rusty Russell rusty@linuxcare.com.au
Tue, 13 Jun 2000 11:08:17 +1000


In message <Pine.LNX.4.10.10006082247150.13127-100000@envy.rpi.net.au> you write:
> box1: iptables -t nat -A PREROUTING -d 1.20.1.1 -j DNAT --to 10.20.1.1
> box2: iptables -t nat -A PREROUTING -d 2.20.1.1 -j DNAT --to 10.20.1.1
> box1: iptables -t nat -A PREROUTING -d 1.20.1.2 -j DNAT --to 10.20.1.2
> box2: iptables -t nat -A PREROUTING -d 2.20.1.2 -j DNAT --to 10.20.1.2
> [etc etc]
> 
> Then routing net 1/8 to box1, 2/8 to box2 - this works fine.  
> HOWEVER.  I don't have a pile of 1ghz machines to do this on, nor do I
> have a gig of ram in the machines to load up 1.6 million-odd addresses.  
> Is there any way to say, specifically, something like:

There used to be a `static' target, which people started using even
when they didn't need it.  I dropped it, and no one complained.  This
simply means that I need a more intimidating name for it, eg:

# iptables -t nat -A PREROUTING -d 2.20.0.0/16 -j DUMBNAT --dumbnat-base 10.20.0.0

If you want to hack, netfilter hacking guide is the place to start...
Rusty.
--
Hacking time.