On Thursday 2009-04-16 15:00, Stephen Clark wrote:
> Hello,
>
> I have to separate ipsec tunnels going to two different private networks. How
> do I keep iptables from natting the traffic destined for these 2 networks. I
> tried:
>
> iptables -t nat -A POSTROUTING -o eth1 -d ! 192.168.1.0/24 -d ! 172.16.0.0/16
> -j MASQUERADE
>
> but it says only one -d is allowed. So I tried

Create a new chain from which you prematurely exit if the daddr
is 192.168.1.0/24 or 172.16.0.0/16, and the third rule would masq.

> iptables -t nat -A POSTROUTING -o eth1 -d ! ( 192.168.1.0/24 || 172.16.0.0/16 )
> -j MASQUERADE
>
> and it says "(" error. So how do I specify multiple destination
> networks/addresses to be excluded from being natted.
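The approach described in the reply, as an added example that is not part of the original thread: a helper that prints the iptables commands for a separate chain which returns early for each excluded destination and masquerades everything else. The chain name MASQ_EXCEPT and the function name are assumptions; eth1 and the two networks come from the question.

```shell
#!/bin/sh
# Added example: print (not execute) the rules for a "no-NAT exceptions" chain.
# MASQ_EXCEPT is a hypothetical chain name chosen for this illustration.

gen_masq_rules() {
    # Usage: gen_masq_rules OUT_IFACE NET [NET...]
    [ "$#" -ge 2 ] || { echo "usage: gen_masq_rules IFACE NET..." >&2; return 2; }
    out_if=$1
    shift
    chain=MASQ_EXCEPT

    # Reject anything that is not a plain interface name, because the output
    # is meant to be reviewed and then fed to a root shell.
    case $out_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $out_if" >&2; return 1 ;;
    esac

    # Character-level check only (IPv4 digits, dots, slash); iptables itself
    # still validates the address. Done up front so a bad argument never
    # produces a partial ruleset.
    for net in "$@"; do
        case $net in
            ''|*[!0-9./]*) echo "bad network: $net" >&2; return 1 ;;
        esac
    done

    echo "iptables -t nat -N $chain"
    # One early exit per excluded destination: RETURN hands the packet back
    # to POSTROUTING, so it leaves without being masqueraded.
    for net in "$@"; do
        echo "iptables -t nat -A $chain -d $net -j RETURN"
    done
    # Last rule in the chain: everything not excluded above gets NATed.
    echo "iptables -t nat -A $chain -j MASQUERADE"
    # Only traffic leaving via the outbound interface enters the chain.
    echo "iptables -t nat -A POSTROUTING -o $out_if -j $chain"
}

# The two tunnel networks from the question.
gen_masq_rules eth1 192.168.1.0/24 172.16.0.0/16
```

Rule order matters because the first matching rule wins: the RETURN rules must sit above the MASQUERADE rule, and no later POSTROUTING rule should masquerade the returned packets.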