DNAT/SNAT question

Gary W. Smith gary at primeexalia.com
Fri Apr 15 01:08:08 CEST 2005

I'm almost there.  I get an error when trying to use NETMAP in the
OUTPUT chain.  Is there something else I need to add?

iptables -t nat -A OUTPUT -d  -j NETMAP --to
iptables v1.2.11: Bad network address `'

-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Jason
Sent: Thursday, April 14, 2005 3:59 PM
To: netfilter at lists.netfilter.org
Subject: Re: DNAT/SNAT question

On Thu, Apr 14, 2005 at 03:50:17PM -0700, Gary W. Smith wrote:
> You caught another typo, it should have been .3-7.  Also, the prefix
> changes will also help.
> But I'm still concerned / confused about the OUTPUT chain.  We
> use the OUTPUT chain for the 1:1 nat.  That seems to work fine on all
> other configurations where we do nat'ing. 
> Our rule is currently "[0:0] -A POSTROUTING -s -j DNAT --to
>" which works fine.  But can we also consolidate this using
> the NETMAP like the pre/post route? 



"Peter: Hey, Brian. If cops are pigs, does that make you a Snausage?
 Brian: Clever, Peter. Did you stay up all night writing that?
 Peter: No, I got to bed around two, two-thirty."
        --Family Guy

More information about the netfilter mailing list