Source NAT
ISC Jorge Ceron Galvan
jorgec at acerlandslp.com.mx
Sat Sep 3 21:28:26 CEST 2005
-----Original Message-----
From: /dev/rob0 <rob0 at gmx.co.uk>
To: netfilter at lists.netfilter.org
Date: Wed, 31 Aug 2005 06:37:33 -0500
Subject: Re: Source NAT
> On Wednesday 2005-August-31 06:18, Jimmy wrote:
> > I currently have a situation that I am hoping iptables can resolve.
> > The issue is that I need to NAT the source address based on the
> > destination address. Is that possible with IPTables ?
>
> Trivial.
>
> > if dst = 1.1.1.1 src = 10.1.1.1
>
> iptables -vt nat -A POSTROUTING -d 1.1.1.1 -j SNAT -to 10.1.1.1
why -vt?
this rule confused me, I'm a begginer;
what about
iptables -t nat -A POSTROUTING -s 10.1.1.1/24 -j SNAT --to 1.1.1.1
or
iptables -t nat -A POSTROUTING -o eth0 -s 10.1.1.1/24 -j SNAT --to 1.1.1.1
>
> > Can anyone give me any advice on completing that?
>
> "man iptables"
>
> Order matters. If you have a catchall SNAT rule before the specific
> destination ones, the catchall is the one used.
>
> NAT != routing. If your SNAT'ed IP addresses need to go out different
> interfaces, this won't work. See the LARTC HOWTO.
> --
> mail to this address is discarded unless "/dev/rob0"
> or "not-spam" is in Subject: header
More information about the netfilter
mailing list