Le mar 03/12/2002 à 10:13, GUILHEM Michel (34) a écrit : [...] > I want trying to do this the following rule > iptables -t nat -A POSTROUTING -s 10.0.0.0/255.0.0.0 -o eth0 -j SNAT --to > source 154.0.0.0/255.0.0.0 > But i am not sure , is my probleme solvable by a combination of iptables , nat > and route ? I do not think DNAT will work until you specify a DNAT rule per client (i.e. static DNAT). You can use patch-o-matic NETMAP target that is almost what you exactly want : http://www.netfilter.org/documentation/pomlist/pom-base.html#NETMAP NETMAP target just alters network part of IP, letting host part unmodified. It can provide both DNAT and SNAT if respectively used in PREROUTING or POSTROUTING. -- Cédric Blancher <blancher@cartel-securite.fr> IT systems and networks security expert - Cartel Sécurité Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
