DNAT/SNAT question

Gary W. Smith gary at primeexalia.com
Fri Apr 15 01:08:08 CEST 2005


I'm almost there.  I get an error when trying to use NETMAP in the
OUTPUT chain.  Is there something else I need to add?

iptables -t nat -A OUTPUT -d 88.44.55.8/26  -j NETMAP --to 10.20.30.8/26
iptables v1.2.11: Bad network address `10.20.30.8/26'




-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Jason Opperisano
Sent: Thursday, April 14, 2005 3:59 PM
To: netfilter at lists.netfilter.org
Subject: Re: DNAT/SNAT question

On Thu, Apr 14, 2005 at 03:50:17PM -0700, Gary W. Smith wrote:
> You caught another typo, it should have been .3-7.  Also, the prefix
> changes will also help.
> 
> But I'm still concerned / confused about the OUTPUT chain.  We currently
> use the OUTPUT chain for the 1:1 nat.  That seems to work fine on all
> other configurations where we do nat'ing. 
> 
> Our rule is currently "[0:0] -A POSTROUTING -s 10.20.30.8 -j DNAT --to
> 88.44.55.8" which works fine.  But can we also consolidate this using
> the NETMAP like the pre/post route? 

yes.

-j

--
"Peter: Hey, Brian. If cops are pigs, does that make you a Snausage?
 Brian: Clever, Peter. Did you stay up all night writing that?
 Peter: No, I got to bed around two, two-thirty."
        --Family Guy



