On Monday 10 March 2003 01:02 pm, Steve Mickeler wrote: > I have a requirement where I need to NAT some internal connections to > make sure everything to the destination appears to be coming from the > same source. > What I need to do is this: > > If the destination IP = 172.17.4.200 then redirect it to 192.168.32.18 > but first NAT the source IP to 192.168.32.200 > > Anyone know a simple way to do this ? iptables -t nat -A PREROUTING -d 172.17.4.200 -j DNAT --to 192.168.32.18 iptables -t nat -A POSTROUTING -d 192.168.32.18 -j SNAT --to 192.168.32.200 You can't SNAT first, but you can DNAT then SNAT. This will accomplish what you ask. (as always, make sure you ACCEPT the traffic in FORWARD, based on "-d 192.168.32.18", if not covered by a more general rule) j
