Gary W. Smith
gary at primeexalia.com
Fri Apr 15 01:08:08 CEST 2005
I'm almost there. I get an error when trying to use NETMAP in the
OUTPUT chain. Is there something else I need to add?
iptables -t nat -A OUTPUT -d 188.8.131.52/26 -j NETMAP --to 10.20.30.8/26
iptables v1.2.11: Bad network address `10.20.30.8/26'
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Jason
Sent: Thursday, April 14, 2005 3:59 PM
To: netfilter at lists.netfilter.org
Subject: Re: DNAT/SNAT question
On Thu, Apr 14, 2005 at 03:50:17PM -0700, Gary W. Smith wrote:
> You caught another typo, it should have been .3-7. Also, the prefix
> changes will also help.
> But I'm still concerned / confused about the OUTPUT chain. We
> use the OUTPUT chain for the 1:1 nat. That seems to work fine on all
> other configurations where we do nat'ing.
> Our rule is currently "[0:0] -A POSTROUTING -s 10.20.30.8 -j DNAT --to
> 184.108.40.206" which works fine. But can we also consolidate this using
> the NETMAP like the pre/post route?
"Peter: Hey, Brian. If cops are pigs, does that make you a Snausage?
Brian: Clever, Peter. Did you stay up all night writing that?
Peter: No, I got to bed around two, two-thirty."
More information about the netfilter