DNAT/SNAT question

Jason Opperisano opie at 817west.com
Fri Apr 15 01:40:21 CEST 2005


On Thu, Apr 14, 2005 at 04:28:00PM -0700, Gary W. Smith wrote:
> I cleared and reloaded everything and it's now returning an Invalid
> argument error.  
> 
> Fine:
> iptables -t nat -A PREROUTING -d 88.44.55.8/29 -j NETMAP --to 10.20.30.8/29
> iptables -t nat -A POSTROUTING -s 10.20.30.8/29 -j NETMAP --to 88.44.55.8/29
> 
> Error:
> iptables -t nat -A OUTPUT -d 88.44.55.8/26  -j NETMAP --to 10.20.30.8/29
> iptables: Invalid argument
> 
> Almost there.

aww crap--i had to go and open my big fat mouth without looking at the
dang help file...

NETMAP is only valid in PREROUTING and POSTROUTING...so no dice in
OUTPUT...

looks like you gotta go the old 'for loop' route:

  for i in `seq 8 127`; do
    iptables -t nat -A OUTPUT -d 88.44.55.${i} -j DNAT --to 10.20.30.${i}
  done

sorry 'bout that...

-j

--
"Lois: Meg, I'm like one of those bald eagles you see on the Discovery
 Channel. Beautiful to look at, but mess with one of my chicks and
 I'll claw your fucking eyes out. Now who wants a cookie?
 Stewie: I do. Ooh, keep talking. All this talk about eye-gouging
 has got me all frisky."
        --Family Guy
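
The per-address loop above, generalized as an added example (not part of the original post): it derives the address range from the prefix length and prints one OUTPUT-chain DNAT rule per address rather than running iptables. The function names and the /16 size guard are assumptions of this example.

```shell
#!/bin/sh
# Added example: print the OUTPUT-chain DNAT rules that stand in for NETMAP,
# which is only valid in PREROUTING and POSTROUTING. Nothing is executed.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# netmap_output_rules PUBLIC/LEN PRIVATE/LEN
netmap_output_rules() {
  nm_pub=${1%/*}; nm_plen=${1#*/}
  nm_priv=${2%/*}; nm_qlen=${2#*/}
  case $nm_plen in
    ''|*[!0-9]*) echo "bad prefix length: $nm_plen" >&2; return 1 ;;
  esac
  # A 1:1 mapping needs both sides to be the same size.
  if [ "$nm_plen" != "$nm_qlen" ]; then
    echo "prefix lengths differ: /$nm_plen vs /$nm_qlen" >&2; return 1
  fi
  # Guard chosen for this example: refuse anything wider than a /16.
  if [ "$nm_plen" -lt 16 ] || [ "$nm_plen" -gt 32 ]; then
    echo "prefix length out of range (16-32): /$nm_plen" >&2; return 1
  fi
  nm_size=$(( 1 << (32 - nm_plen) ))
  nm_mask=$(( 4294967295 - nm_size + 1 ))
  # Clear host bits so the mapping runs network address to network address.
  nm_pbase=$(( $(ip_to_int "$nm_pub") & nm_mask ))
  nm_qbase=$(( $(ip_to_int "$nm_priv") & nm_mask ))
  nm_i=0
  while [ "$nm_i" -lt "$nm_size" ]; do
    echo "iptables -t nat -A OUTPUT -d $(int_to_ip $((nm_pbase + nm_i))) -j DNAT --to-destination $(int_to_ip $((nm_qbase + nm_i)))"
    nm_i=$(( nm_i + 1 ))
  done
}

# Sample input: the /29 pair from the quoted PREROUTING rule.
netmap_output_rules 88.44.55.8/29 10.20.30.8/29
```

Review the printed rules, then pipe them to `sh` as root to load them.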


