Re: Range of IP's with Exclusions

On Wednesday 12 November 2003 10:31 pm, bmcdowell@xxxxxxxxxxxxxxxxxx wrote:

> iptables -t nat -A PREROUTING -d 10.22.1.3 -j DNAT --to 10.22.2.2
> iptables -t nat -A PREROUTING -d 10.22.1.4 -j DNAT --to 10.22.2.2
> iptables -t nat -A PREROUTING -d 10.22.1.5 -j DNAT --to 10.22.2.2
> iptables -t nat -A PREROUTING -d 10.22.1.6 -j DNAT --to 10.22.2.2
> (etc.)
>
> ...but that is a bit of a pain.
>
> I keep trying to type in something like:
>
> iptables -t NAT -A PREROUTING -d 10.22.1.0/24,! 10.22.1.1 -j DNAT
> --to 10.22.2.2
>
> ...but iptables complains.

Try these two rules, in this order:

iptables -t nat -A PREROUTING -d 10.22.1.1 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.22.1.0/24 -j DNAT --to 10.22.2.2

The first will match the address you don't want to DNAT, and only other 
addresses will match the second rule.

Antony.

-- 

If builders built buildings the way programmers write programs,
then the first woodpecker that came along would destroy civilisation.
                                                     Please reply to the list;
                                                           please don't CC me.
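
The ordering described in the reply above, as an added example that is not part of the original post: a shell helper that emits the exemption rules first and the subnet DNAT rule last, generalised to several excluded addresses. The function names, the APPLY variable and the second excluded address (10.22.1.2) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an ordered nat/PREROUTING rule set that DNATs a
# subnet to one host while exempting selected addresses.

# Accept only digits, dots and a slash so a typo cannot become a rule.
valid_addr() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
    esac
}

# gen_rules SUBNET TARGET [EXCLUDE...]
# Prints one iptables command per line. Exemptions are emitted first
# because the chain is evaluated top-down and ACCEPT ends traversal,
# so exempted packets never reach the DNAT rule.
gen_rules() {
    [ $# -ge 2 ] || { echo "usage: gen_rules SUBNET TARGET [EXCLUDE...]" >&2; return 1; }
    for a in "$@"; do
        valid_addr "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    subnet=$1
    target=$2
    shift 2
    for a in "$@"; do
        echo "iptables -t nat -A PREROUTING -d $a -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -d $subnet -j DNAT --to $target"
}

# Dry run by default: print the rules. With APPLY=1 (as root) run them.
apply_rules() {
    rules=$(gen_rules "$@") || return 1
    while IFS= read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            $rule || return 1
        else
            echo "$rule"
        fi
    done <<EOF
$rules
EOF
}

# Addresses from the thread, plus one constructed extra exclusion.
apply_rules 10.22.1.0/24 10.22.2.2 10.22.1.1 10.22.1.2
```

After applying, "iptables -t nat -S PREROUTING" lists the chain in evaluation order, which is the place to confirm that the ACCEPT rules sit above the DNAT rule.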

