Re: Two IP add

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2003-06-05 at 13:38, Dharmendra.T wrote:
> On Thu, 2003-06-05 at 15:26, Paulo Andre wrote: 
>         I would like to do the following:
>         
>         Stop MASQUESRADING to two servers say. 10.10.10.5 and 10.10.10.8, how would i 
>         do this with a rule.
>         
>         iptables -t nat -A POSTROUTING -s x.x.x.x -d ! 'servers ip' -j MASQUERADE 
>         now how would i put in two ip address's ?
>         
>         
>         	Hi
> iptables -t nat -A POSTROUTING -s 10.10.10.5 -d 'sever ip' -j DROP 
> iptables -t nat -A POSTROUTING -s 10.10.10.8 -d 'sever ip' -j DROP 
> 
> Should work 
No, that will drop the packets and they won't traverse any more
tables/chains.

the -j return tells iptables to leave the POSTROUTING chain and
continue, so no more POSTROUTING rules will be checked for that packet.

the nat table has these chains:

PREROUTING
POSTROUTING
OUTPUT

A target of -j return means leave this chain and continue to the next.

Ray

> -- 
> Regards
> Dharmendra.T
> 
> 
> This message is intended for the addressee only. It may contain privileged or Confidential information. If you have received this message in error,please notify the sender and destroy the message immediately.Unauthorised use or reproduction of this message is strictly prohibited.
-- 
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux