DNAT/SNAT question

Jason Opperisano opie at 817west.com
Thu Apr 14 19:57:23 CEST 2005


On Thu, Apr 14, 2005 at 10:49:30AM -0700, Gary W. Smith wrote:
> Jason, 
> 
> So I would do something like 
> [0:0] -A PREROUTING -d 66.121.12.64/26 -j NETMAP --to 10.0.12.64/26
> Instead of:
> [0:0] -A PREROUTING -d 66.121.12.64 -j DNAT --to-destination 10.0.12.64

yes.

> And 
> [0:0] -A POSTROUTING -d 10.0.12.64/26 -j NETMAP --to 66.121.12.64/26

change that to:  -s 10.0.12.64/26 ...

> Instead of:
> [0:0] -A POSTROUTING -o eth0 -s 10.0.12.64 -j SNAT --to-source
> 66.121.12.64
> 
> And 
> [0:0] -A OUTPUT -d 66.121.12.64/26 -j NETMAP --to OUTPUT 10.0.12.64/26

get rid of the wayward "OUTPUT"

> Instead of:
> [0:0] -A OUTPUT -d 66.121.12.64 -j DNAT --to-destination 10.0.12.64
> 
> Is this correct?

aside from what appears to be some errant copy & paste details, yes.

> Please note, not valid external IP's...

noted.

-j

--
"Peter: This party couldn't be better if Jesus was here.
 Jesus: For my next miracle, I will turn water... into FUNK."
        --Family Guy



More information about the netfilter mailing list