other nat-Chains than PRE-/POSTROUTING,OUTPUT ?
Andre Kuester
akuester@csc-dd.de
Tue, 28 Nov 2000 12:36:58 +0100
Thanks Daniel, hopefully the last confusing questions from my side..
> > Is there also a possibility to check against different sources and/or
> > destinations in one rule? Especially the logical negation check with the
> > "!"
> > in front of the address/net?
> > Sure, I can define a chain where I check against each net/address in
> > a single rule, but I need to check against something like this:
> >
> > if (dst!=net1) && (dst!=net2) then SNAT, else route...
>
> iptables v1.1.2: multiple -s flags not allowed
>
> Think that says it all.
> This needs some reverse logic here. ;)
> iptables -t nat -A mychain -d net1 -j ACCEPT
> iptables -t nat -A mychain -d net2 -j ACCEPT
> iptables -t nat -A mychain -j SNAT --blah
When I do it this way, what happens to the packet?
Will it reach the gated/routed process?
Or is the only possibility to forward this packet, and do I
have to use -j FORWARD instead of ACCEPT?
Or is routing and forwarding the same?
(Yes, a really stupid question, but nobody could ever give me
a clear answer)
Still confused...
Andre
--
akuester@csc-dd.de
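
Added example, not part of the original message: a small Python model of the three-rule `mychain` quoted above, showing that first-match evaluation gives the same result as `(dst!=net1) && (dst!=net2)` and that ACCEPT in the nat table leaves the packet untranslated. The network ranges and the SNAT address are constructed sample values (the thread only says `net1`, `net2` and `--blah`), and `traverse` and `negated_form` are hypothetical helper names.

```python
import ipaddress

# Constructed sample values standing in for net1, net2 and "--blah".
NET1 = ipaddress.ip_network("192.168.1.0/24")
NET2 = ipaddress.ip_network("192.168.2.0/24")
SNAT_TO = "203.0.113.1"

# The quoted chain in order: (destination match, or None for "any", target).
MYCHAIN = [
    (NET1, "ACCEPT"),
    (NET2, "ACCEPT"),
    (None, "SNAT"),
]


def traverse(chain, src, dst):
    """Return (target_hit, source_address_after_chain), first match wins."""
    dst_ip = ipaddress.ip_address(dst)
    for match, target in chain:
        if match is not None and dst_ip not in match:
            continue  # rule does not match, try the next one
        if target == "ACCEPT":
            # In the nat table ACCEPT only ends traversal: nothing is
            # translated and the packet keeps its original source address.
            return target, src
        if target == "SNAT":
            return target, SNAT_TO
    # Fell off the end of a user-defined chain: back to the calling chain.
    return "RETURN", src


def negated_form(src, dst):
    """The condition from the question: (dst != net1) && (dst != net2)."""
    dst_ip = ipaddress.ip_address(dst)
    return SNAT_TO if (dst_ip not in NET1 and dst_ip not in NET2) else src


if __name__ == "__main__":
    for dst in ("192.168.1.7", "192.168.2.200", "198.51.100.9"):
        print(dst, traverse(MYCHAIN, "10.0.0.5", dst))
```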