Source natting occurs in the POSTROUTING chain (the source NAT occurs after the routing decisions have been made for the packet; destination NATs, however, occur before routing decisions are made). You are currently using PREROUTING with "-j SNAT"; iptables will exit with an error as a result.

On Wed, 2004-09-22 at 23:58 -0400, Ryan Johnson wrote:
> Hey everyone,
>
> OK, not sure if this is more appropriate on the netfilter mailing list,
> but here it goes.
>
> This is a weird setup that is out of my company's control. We have a
> webserver setup which will be contacted by several clients with
> different ip. All of these client ip must be translated to the same ip.
> The problem is this all has to happen on the same box. So before the
> packet reaches the apache webserver daemon, can the kernel running on
> the webserver translate the source address?
>
> I have tried iproute2 and iptables with no luck. Looked at netfilter
> patch-o-matic-ng and did not see anything that would help me. Is this
> even possible?
>
> I would need something like this
> iptables -A PREROUTING -i ethX -s $CLIENTIP -d $WEBSERVER -j SNAT --to
> $NEWCLIENTIP
>
> but the SNAT is not supported in PREROUTING.
>
> Any ideas? I am not familiar with iproute2, so if there is a solution could
> you post the commands.
>
> Thank you in advance,
>
> Ryan
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

--
Corey Rogers
Senior System Administrator
Wamco Technology Group Ltd (Barbados)
Building #4, Suite 103
Harbour Industrial Park, St. Michael
Phone: (246)437-3154
FAX: (246)434-8883

Windows (win'-doze) 95 (n.): 32-bit extensions to a 16-bit graphical shell for an 8-bit operating system originally coded for a 4-bit microprocessor by a 2-bit company that can't stand 1 bit of competition.
[F]or those of you who are constantly belittled by your peers for believing that Big Brother is out to get you, be assured, it is. In fact, you are probably not paranoid enough." - editorial, "Today's Technology Can Easily Track Criminals and Ex-offenders", _The_ECHO_ newspaper, Jan. 1998
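The chain restriction discussed in this thread can be checked before a rule is ever loaded. The following is an added example, not part of the original messages: `lint_nat_rule` is a hypothetical helper that parses an iptables command line and reports a NAT target used in the wrong table or chain; the sample addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: lint an iptables command line for NAT target/chain mistakes
# without touching the live ruleset. Hypothetical helper, not part of iptables.

# Chains where SNAT is accepted. POSTROUTING is what the reply above states;
# current iptables-extensions(8) also lists INPUT of the nat table, so a
# newer system can be linted with SNAT_CHAINS="POSTROUTING INPUT".
SNAT_CHAINS="${SNAT_CHAINS:-POSTROUTING}"

# Prints a verdict; exit status 0 means the rule passed.
# The body runs in a subshell so `set -f` and the variables stay local.
lint_nat_rule() (
    table=filter chain= target= prev=
    set -f            # no glob expansion while splitting the rule into words
    set -- $1
    for word in "$@"; do
        case "$prev" in
            -t|--table)              table=$word ;;
            -A|-I|--append|--insert) chain=$word ;;
            -j|--jump)               target=$word ;;
        esac
        prev=$word
    done
    case "$target" in
        SNAT)          allowed=$SNAT_CHAINS ;;
        MASQUERADE)    allowed="POSTROUTING" ;;
        DNAT|REDIRECT) allowed="PREROUTING OUTPUT" ;;
        *) echo "ok: '$target' is not a NAT target"; exit 0 ;;
    esac
    if [ "$table" != nat ]; then
        echo "error: -j $target needs '-t nat' (rule uses table '$table')"
        exit 1
    fi
    case " $allowed " in
        *" $chain "*) echo "ok: $target in nat/$chain"; exit 0 ;;
    esac
    echo "error: $target is not valid in $chain; use one of: $allowed"
    exit 1
)

# Constructed sample rules (documentation-range addresses).
lint_nat_rule 'iptables -t nat -A PREROUTING -i eth0 -s 198.51.100.7 -d 192.0.2.10 -j SNAT --to 192.0.2.50' || true
lint_nat_rule 'iptables -t nat -A POSTROUTING -o eth0 -s 198.51.100.7 -j SNAT --to 192.0.2.50' || true
```

The linter only checks where a target is syntactically permitted. Packets delivered to a local daemon traverse PREROUTING and INPUT but never POSTROUTING, so a rule that passes this check may still never match the traffic described in the question.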