Re: NAT and IPSEC

On Thursday 2009-04-16 15:00, Stephen Clark wrote:

> Hello,
>
> I have two separate ipsec tunnels going to two different private networks. How
> do I keep iptables from natting the traffic destined for these 2 networks? I
> tried:
>
> iptables -t nat -A POSTROUTING -o eth1 -d ! 192.168.1.0/24  -d ! 172.16.0.0/16
> -j MASQUERADE
>
> but it says only one -d is allowed. So I tried

Create a new chain from which you prematurely exit if the daddr is 
192.168.1.0/24 or 172.16.0.0/16, and the third rule would masq.

> iptables -t nat -A POSTROUTING -o eth1 -d ! ( 192.168.1.0/24 || 172.16.0.0/16 )
> -j MASQUERADE
>
> and it says "(" error. So how do I specify multiple destination
> networks/addresses to be excluded from being natted?
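The chain described in the reply, written out as an added example that is not part of the original thread: destinations behind the two tunnels hit a `RETURN` rule and leave the chain before the final `MASQUERADE` rule. The chain name `NAT_EXEMPT` is an assumption; `eth1` and the two networks come from the question. The script only prints the commands unless it is run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example: build a NAT-exemption chain for traffic that must reach
# the IPsec tunnels with its original source address.
CHAIN="NAT_EXEMPT"   # hypothetical chain name, not from the thread

# valid_cidr NET: accept only the shape a.b.c.d/0..32 (octet range is not
# checked), so nothing else can end up inside a generated command.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# nat_exempt_rules IFACE NET...: print the iptables commands in rule order.
nat_exempt_rules() {
    iface=$1; shift
    [ "$#" -gt 0 ] || { echo "no exempt networks given" >&2; return 1; }
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    done
    echo "iptables -t nat -N $CHAIN"
    for net in "$@"; do
        # RETURN leaves the chain early: these packets never reach MASQUERADE.
        echo "iptables -t nat -A $CHAIN -d $net -j RETURN"
    done
    # Everything that was not exempted above is masqueraded.
    echo "iptables -t nat -A $CHAIN -j MASQUERADE"
    # Only traffic leaving through IFACE is sent into the chain.
    echo "iptables -t nat -A POSTROUTING -o $iface -j $CHAIN"
}

# Print by default; APPLY=1 (as root) executes the commands, stopping at
# the first one that fails.
main() {
    rules=$(nat_exempt_rules eth1 192.168.1.0/24 172.16.0.0/16) || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

main
```

Rule order matters here: a `RETURN` rule appended after the `MASQUERADE` rule would never be evaluated.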
