Do you say add 10.0.0.1 to eth0 because you figure I lack an external routing reference making packets arrive at my host? Come to think of it, there probably wouldn't be a router that could do that in my scenario.

Sorry if I was confusing. It's probably more accurate to say that some host "10.23.4.209" is going to try to reach 10.0.0.1, and 10.0.0.250 is the last hop on the way there.

Now does that sound better?

On Thu, 2003-06-19 at 17:10, George Vieira wrote:
> The only way I know of to do that is to use iproute2 (or ifconfig) and add that IP to the firewall's eth0 device and fix your rule (lowercase J).
>
> ip addr add 10.0.0.1/8 dev eth0
> iptables -t nat -I PREROUTING -i eth0 -d 10.0.0.1 -j DNAT \
>     --to 192.168.0.1
>
> I think that'll work OK..
>
> Thanks,
> ____________________________________________
> George Vieira
> Systems Manager
> georgev@xxxxxxxxxxxxxxxxxxxxxx
>
> Citadel Computer Systems Pty Ltd
> http://www.citadelcomputer.com.au
>
> Phone   : +61 2 9955 2644
> HelpDesk: +61 2 9955 2698
>
>
> -----Original Message-----
> From: Shawn [mailto:core@xxxxxxxxxx]
> Sent: Friday, June 20, 2003 7:07 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Is this correct?
>
>
> I have an iptables statement I would just like someone to say if I have
> it right.
>
> Let's say I have a linux box with eth0=10.0.0.250 and
> eth1=192.168.0.250, and there's a host (192.168.0.1) connected to eth1.
> I want to route connections from hosts in 10.0.0.0/24 land to 10.0.0.1
> onto the linux box's eth0, and have them NATed to 192.168.0.1
>
> Will the following statement do that?
>
> iptables -t nat -I PREROUTING -i eth0 -d 10.0.0.1 -J DNAT \
>     --to 192.168.0.1
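
The question in this thread comes down to how a packet for 10.0.0.1 reaches eth0 before the PREROUTING rule can rewrite it. The sketch below is an added example, not part of either poster's message. It runs a longest-prefix match over the routing table of the node that sends or forwards the packet, to show whether that node will ARP for 10.0.0.1 itself (so the firewall has to answer for that address, for instance with the `ip addr add` above) or hand the packet to 10.0.0.250. The routing tables and the addresses 10.0.0.254 and 10.23.4.1 are constructed for illustration.

```python
import ipaddress

def arp_target(routes, dst):
    """Longest-prefix match over (prefix, via) routes; via=None means on-link.
    Returns the address this node resolves with ARP, or None if unroutable."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    if best is None:
        return None
    return dst if best[1] is None else ipaddress.ip_address(best[1])

def delivery(routes, vip, fw_ip):
    """Classify how a node with this routing table sends a packet for vip."""
    target = arp_target(routes, vip)
    if target is None:
        return "unroutable"
    if target == ipaddress.ip_address(fw_ip):
        # Frame is addressed to the firewall; PREROUTING sees it as-is.
        return "routed-to-firewall"
    if target == ipaddress.ip_address(vip):
        # Node ARPs for the DNAT address; the firewall must answer for it.
        return "arp-for-vip"
    return "forwarded-elsewhere"  # not the last hop; ask the next router

VIP, FW = "10.0.0.1", "10.0.0.250"  # addresses from the thread
# Constructed routing tables (assumptions, not from the thread):
ONLINK_HOST = [("10.0.0.0/24", None), ("0.0.0.0/0", "10.0.0.254")]
LAST_ROUTER = [("10.0.0.0/24", None), ("10.0.0.1/32", FW)]
REMOTE_HOST = [("10.23.4.0/24", None), ("0.0.0.0/0", "10.23.4.1")]

if __name__ == "__main__":
    for name, table in [("on-link host", ONLINK_HOST),
                        ("last router with host route", LAST_ROUTER),
                        ("10.23.4.209", REMOTE_HOST)]:
        print(f"{name}: {delivery(table, VIP, FW)}")
```
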