On 12/24/2010 03:46 AM, Jan Engelhardt wrote:
> On Thursday 2010-12-23 23:43, Stephen Clark wrote:
>> On 12/23/2010 04:53 PM, Jan Engelhardt wrote:
>>> On Thursday 2010-12-23 15:12, Stephen Clark wrote:
>>>> Why the inconsistency in the way addresses are treated? I can use -d
>>>> 2.2.2.2/32
>>>> but not --to-source 205.201.149.214/32
>>>> iptables -t nat -A POSTROUTING -o eth1 -s 10.0.128.0/17 -d 2.2.2.2/32 -j SNAT
>>>> --to-source 205.201.149.214/32
>>> What inconsistency?
>> If you try the above command you get a complaint about
>> --to-source 205.201.149.214/32
>> you have to use
>> --to-source 205.201.149.214
> Ah "that" sort of "inconsistency". No, that is not an inconsistency.
> -d takes an addr[/mask] or an addr[/prefixlen] or a list thereof, while
> -m iprange and DNAT's --to-source take addr[-addr].
> Each is subtly different. And documented.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

Just because it is documented doesn't mean it is not inconsistent.
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
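
The two argument grammars discussed in this thread, as an added example that is not part of the original messages or of iptables itself: a rule generator that keeps addr[/mask] for -s/-d and converts a CIDR-style value into the addr[-addr] form before passing it to --to-source. The function names are hypothetical, and the optional port suffix that --to-source also accepts is not handled.

```python
import ipaddress


def parse_match_addr(spec):
    """Grammar for -s/-d: addr[/mask] or addr[/prefixlen]."""
    # ip_network accepts both "/17" and "/255.255.128.0"; strict=False
    # masks off host bits instead of rejecting them.
    return ipaddress.ip_network(spec, strict=False)


def to_source_arg(spec):
    """Grammar for SNAT --to-source: addr[-addr], never addr/len."""
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        if net.num_addresses != 1:
            # A wider prefix has no single-address meaning; make the
            # caller spell the range out as addr-addr.
            raise ValueError(f"--to-source needs addr[-addr], got {spec!r}")
        return str(net.network_address)  # "/32" means exactly one address
    first, sep, last = spec.partition("-")
    lo = ipaddress.ip_address(first)
    if not sep:
        return str(lo)
    hi = ipaddress.ip_address(last)
    if lo.version != hi.version or hi < lo:
        raise ValueError(f"bad address range {spec!r}")
    return f"{lo}-{hi}"


def snat_rule(out_if, src, dst, to_source):
    """Build the argv for the POSTROUTING rule quoted in the thread."""
    return ["iptables", "-t", "nat", "-A", "POSTROUTING", "-o", out_if,
            "-s", str(parse_match_addr(src)),
            "-d", str(parse_match_addr(dst)),
            "-j", "SNAT", "--to-source", to_source_arg(to_source)]


if __name__ == "__main__":
    # Values taken from the command in the thread.
    print(" ".join(snat_rule("eth1", "10.0.128.0/17", "2.2.2.2/32",
                             "205.201.149.214/32")))
```
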