Покотиленко Костик wrote:
I don't think so. You should (need to) use either -j MASQUERADE or -j SNAT.
MASQUERADE is almost the same as SNAT; it is more convenient for NAT'ing on
ppp interfaces where there is a different IP on each connect. That's why
it doesn't have a --to-source option (it takes the address from the
outgoing interface).
The correct way would probably be:
iptables -A POSTROUTING -t nat -s 1.2.3.4 -o eth0 -j SNAT --to-source 1.2.3.5-1.2.3.7
OR
iptables -A POSTROUTING -t nat -s 1.2.3.4 -o eth0 -j SNAT --to-source 1.2.3.5 --to-source 1.2.3.6 --to-source 1.2.3.7

I understand, so outbound packets will convert to the (--to-source)
address outbound. But how will packets coming back in find their way
back to the original client?
For example, if I had this rule:
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j SNAT --to-source 1.2.3.4
then sure, a packet from IP 192.168.0.50 goes out just fine. But then I
would need a DNAT rule to send packets back to that internal IP address.
How would that work? Am I looking at this the right way?
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
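
Added illustration, not part of the original mail and not netfilter's own code: SNAT depends on connection tracking, which records each translated flow and reverses the translation for packets that match the recorded reply direction. The sketch models that for the thread's 192.168.0.0/16 to 1.2.3.4 rule; the class name, the destination 203.0.113.10, the port numbers, the round-robin pool choice and the port-clash handling are assumptions made for the example.

```python
import ipaddress
from itertools import cycle

class SnatGateway:
    """Toy model of conntrack-backed SNAT; not netfilter's real algorithm."""

    def __init__(self, internal_net, pool):
        self.net = ipaddress.ip_network(internal_net)
        self.pool = cycle(pool)   # assumption: round-robin over --to-source pool
        self.by_orig = {}         # original tuple -> (translated ip, port)
        self.by_reply = {}        # expected reply tuple -> (original ip, port)

    def outbound(self, src, sport, dst, dport):
        """POSTROUTING: rewrite the source of a packet matching -s."""
        if ipaddress.ip_address(src) not in self.net:
            return (src, sport, dst, dport)          # rule does not match
        key = (src, sport, dst, dport)
        if key not in self.by_orig:                  # first packet of the flow
            new_ip, new_port = next(self.pool), sport
            # Two clients may use the same source port: pick another one so
            # the reply tuple stays unique (simplified port selection).
            while (dst, dport, new_ip, new_port) in self.by_reply:
                new_port = new_port % 65535 + 1
            self.by_orig[key] = (new_ip, new_port)
            self.by_reply[(dst, dport, new_ip, new_port)] = (src, sport)
        new_ip, new_port = self.by_orig[key]
        return (new_ip, new_port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Reply path: restore the original destination from the flow table."""
        orig = self.by_reply.get((src, sport, dst, dport))
        if orig is None:
            return None            # no tracked flow, so nothing is translated
        return (src, sport, orig[0], orig[1])

if __name__ == "__main__":
    # Constructed sample traffic: client 192.168.0.50 talks to 203.0.113.10:80.
    gw = SnatGateway("192.168.0.0/16", ["1.2.3.4"])
    print(gw.outbound("192.168.0.50", 40000, "203.0.113.10", 80))
    print(gw.inbound("203.0.113.10", 80, "1.2.3.4", 40000))
    print(gw.inbound("203.0.113.10", 80, "1.2.3.4", 5555))
```

Each returned tuple is (source IP, source port, destination IP, destination port); on a real gateway the tracked flows can be listed with `conntrack -L` from conntrack-tools.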