rob0 at gmx.co.uk
Sat Sep 3 22:29:54 CEST 2005
On Saturday 2005-September-03 14:28, ISC Jorge Ceron Galvan wrote:
> > > I currently have a situation that I am hoping iptables can
> > > resolve. The issue is that I need to NAT the source address based
> > > on the destination address. Is that possible with IPTables ?
> > Trivial.
> > > if dst = 188.8.131.52 src = 10.1.1.1
> > iptables -vt nat -A POSTROUTING -d 184.108.40.206 -j SNAT -to 10.1.1.1
> why -vt?
> this rule confused me, I'm a begginer;
All the more reason to RTFM, as previously suggested. Hint: the -v
option to iptables does the same thing as does the -v option to most
other command line programs.
> what about
> iptables -t nat -A POSTROUTING -s 10.1.1.1/24 -j SNAT --to 220.127.116.11
This is not what the OP said was wanted. That is SNAT based on the
source address, not the destination.
> iptables -t nat -A POSTROUTING -o eth0 -s 10.1.1.1/24 -j SNAT --to
Same thing, with the additional specification of output interface. You
can, of course, specify more matching options to limit the packets
selected by the rule. It *is* common to limit SNAT based upon source
> > > Can anyone give me any advice on completing that?
> > "man iptables"
> > Order matters. If you have a catchall SNAT rule before the specific
> > destination ones, the catchall is the one used.
> > NAT != routing. If your SNAT'ed IP addresses need to go out
> > different interfaces, this won't work. See the LARTC HOWTO.
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
More information about the netfilter