On Thursday 2010-12-23 23:43, Stephen Clark wrote: > On 12/23/2010 04:53 PM, Jan Engelhardt wrote: >> On Thursday 2010-12-23 15:12, Stephen Clark wrote: >> >>> Why the inconsistency in the way addresses are treated. I can use -d >>> 2.2.2.2/32 >>> but not --to-source 205.201.149.214/32 >>> >>> iptables -t nat -A POSTROUTING -o eth1 -s 10.0.128.0/17 -d 2.2.2.2/32 -j SNAT >>> --to-source 205.201.149.214/32 >>> >> What inconsistency? >> > If you try the above command you get a complaint about > > --to-source 205.201.149.214/32 > you have to use > --to-source 205.201.149.214 Ah "that" sort of "inconsensitency". No, that is not an inconsistency. -d takes an addr[/mask] or a addr[/prefixlen] or a list thereof, while -m iprange and DNAT's --to-source take addr[-addr]. Each is subtly different. And documented. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
