DNAT/SNAT question

Gary W. Smith gary at primeexalia.com
Thu Apr 14 19:49:30 CEST 2005


Jason, 

So I would do something like 
[0:0] -A PREROUTING -d 66.121.12.64/26 -j NETMAP --to 10.0.12.64/26
Instead of:
[0:0] -A PREROUTING -d 66.121.12.64 -j DNAT --to-destination 10.0.12.64

And 
[0:0] -A POSTROUTING -d 10.0.12.64/26 -j NETMAP --to 66.121.12.64/26
Instead of:
[0:0] -A POSTROUTING -o eth0 -s 10.0.12.64 -j SNAT --to-source
66.121.12.64

And 
[0:0] -A OUTPUT -d 66.121.12.64/26 -j NETMAP --to OUTPUT 10.0.12.64/26
Instead of:
[0:0] -A OUTPUT -d 66.121.12.64 -j DNAT --to-destination 10.0.12.64

Is this correct?

Please note, not valid external IP's...

> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org [mailto:netfilter-
> bounces at lists.netfilter.org] On Behalf Of Jason Opperisano
> Sent: Thursday, April 14, 2005 10:29 AM
> To: netfilter at lists.netfilter.org
> Subject: Re: DNAT/SNAT question
> 
> 
> this is the job of the NETMAP target.  and you would do it in two
rules,
> one POSTROUTING (SNAT), and one PREROUTING (DNAT).
> 
> HTH...
> 
> -j
> 
> --
> "Stewie: HA! That's so funny I forgot to laugh! Excluding that first
>  'ha.'"
>         --Family Guy




More information about the netfilter mailing list