On Thu, 2003-06-05 at 13:38, Dharmendra.T wrote: > On Thu, 2003-06-05 at 15:26, Paulo Andre wrote: > I would like to do the following: > > Stop MASQUESRADING to two servers say. 10.10.10.5 and 10.10.10.8, how would i > do this with a rule. > > iptables -t nat -A POSTROUTING -s x.x.x.x -d ! 'servers ip' -j MASQUERADE > now how would i put in two ip address's ? > > > Hi > iptables -t nat -A POSTROUTING -s 10.10.10.5 -d 'sever ip' -j DROP > iptables -t nat -A POSTROUTING -s 10.10.10.8 -d 'sever ip' -j DROP > > Should work No, that will drop the packets and they won't traverse any more tables/chains. the -j return tells iptables to leave the POSTROUTING chain and continue, so no more POSTROUTING rules will be checked for that packet. the nat table has these chains: PREROUTING POSTROUTING OUTPUT A target of -j return means leave this chain and continue to the next. Ray > -- > Regards > Dharmendra.T > > > This message is intended for the addressee only. It may contain privileged or Confidential information. If you have received this message in error,please notify the sender and destroy the message immediately.Unauthorised use or reproduction of this message is strictly prohibited. -- -- Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx> Network Support Specialist http://www.knowledgefactory.co.za "lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import" Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28 --
Attachment:
signature.asc
Description: This is a digitally signed message part
