exclude NAT to multiple networks
Joel Newkirk
netfilter@newkirk.us
Thu, 21 Nov 2002 19:16:57 -0500
On Friday 15 November 2002 06:20 pm, Matthew TenHulzen wrote:
> I have the following NAT line that excludes NAT'ing to the 192.168.250.0/24
> network.
>
> $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -d ! 192.168.250.0/24 -j
> SNAT --to-source $INET_IP
>
> I need to exclude NAT for additional networks, but cannot figure out how to
> do it. I have tried duplicating this line, but it doesn't work. I also
> cannot figure out how to specify multiple subnets in the same line.
>
>
> Does anyone know how to exclude traffic to multiple subnets from being
> NAT'ed??
If you want those subnets to be ACCEPTed instead of SNATted, just set up a
series of rules that test for your selected subnets, and ACCEPT them, then
SNAT anything that makes it past those.
j
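
The rule order described in the reply above, as an added example that is not part of the original thread: a shell function that emits one ACCEPT rule per exempt subnet in the nat table's POSTROUTING chain, followed by a single catch-all SNAT rule. The function names, `eth0`, `203.0.113.10`, `192.168.251.0/24` and `10.8.0.0/16` are constructed sample values standing in for `$INET_IFACE`, `$INET_IP` and the additional networks.

```shell
#!/bin/sh
# Added example: print nat-table rules that exempt several destination
# subnets from SNAT. Review the output, then pipe it to `sh` as root to apply.
#
# Duplicating the negated rule fails because rules are evaluated in order:
# "not 192.168.250.0/24" also matches traffic to every other subnet you
# meant to exempt, so the first rule SNATs it before the second is reached.
# Matching each exempt subnet positively and ACCEPTing it ends traversal of
# the chain for that packet, so it leaves without address translation.

IPTABLES="${IPTABLES:-iptables}"

# valid_cidr NET: check the a.b.c.d/len shape only, so a typo in the exempt
# list aborts rule generation instead of yielding a rule that never matches.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# nat_exempt_rules IFACE SNAT_IP NET...
# Validates every subnet before printing anything, so a bad entry can never
# leave a half-written rule set behind when the output is piped to a shell.
nat_exempt_rules() {
    iface=$1
    snat_ip=$2
    shift 2
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
    done
    # Exemptions first: these must sit above the SNAT rule in the chain.
    for net in "$@"; do
        echo "$IPTABLES -t nat -A POSTROUTING -o $iface -d $net -j ACCEPT"
    done
    # Everything that made it past the exemptions is source-NATted.
    echo "$IPTABLES -t nat -A POSTROUTING -o $iface -j SNAT --to-source $snat_ip"
}

# Constructed sample invocation (prints four rules).
nat_exempt_rules eth0 203.0.113.10 192.168.250.0/24 192.168.251.0/24 10.8.0.0/16
```

After applying, `iptables -t nat -L POSTROUTING -n -v` shows per-rule packet counters, which confirms that traffic to the exempt subnets is hitting the ACCEPT rules rather than the SNAT rule.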