On Wednesday 12 November 2003 10:31 pm, bmcdowell@xxxxxxxxxxxxxxxxxx wrote:

> iptables -t NAT -A PREROUTING -d 10.22.1.3 -j DNAT --to 10.22.2.2
> iptables -t NAT -A PREROUTING -d 10.22.1.4 -j DNAT --to 10.22.2.2
> iptables -t NAT -A PREROUTING -d 10.22.1.5 -j DNAT --to 10.22.2.2
> iptables -t NAT -A PREROUTING -d 10.22.1.6 -j DNAT --to 10.22.2.2
> (etc.)
>
> ...but that is a bit of a pain.
>
> I keep trying to type in something like:
>
> iptables -t NAT -A PREROUTING -d 10.22.1.0/24,! 10.22.1.1 -j DNAT
> --to 10.22.2.2
>
> ...but iptables complains.

Try these two rules, in this order:

iptables -t nat -A PREROUTING -d 10.22.1.1 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.22.1.0/24 -j DNAT --to 10.22.2.2

The first will match the address you don't want to DNAT, and only other
addresses will match the second rule.

Antony.

-- 
If builders built buildings the way programmers write programs, then the
first woodpecker that came along would destroy civilisation.

Please reply to the list; please don't CC me.
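
One way to audit that the exemption really sits ahead of the DNAT rule, as an added example that is not part of the original thread: the function reads a listing in the format printed by `iptables -t nat -S PREROUTING` and compares rule positions. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input format: output of `iptables -t nat -S PREROUTING`.

# exemption_precedes_dnat EXEMPT_ADDR DNAT_NET   (rules on stdin)
# Returns 0 if the ACCEPT rule for EXEMPT_ADDR comes before the DNAT rule
# for DNAT_NET, 1 if the order is reversed, 2 if either rule is missing.
exemption_precedes_dnat() {
    awk -v exempt="$1" -v net="$2" '
        # Value following a non-negated option such as -d or -j, or "".
        function arg(opt,   i) {
            for (i = 1; i < NF; i++)
                if ($i == opt && $(i - 1) != "!") return $(i + 1)
            return ""
        }
        $1 == "-A" && $2 == "PREROUTING" {
            n++
            d = arg("-d"); t = arg("-j")
            if (!acc && t == "ACCEPT" && (d == exempt || d == exempt "/32"))
                acc = n
            if (!dnat && t == "DNAT" && d == net)
                dnat = n
        }
        END {
            if (!acc || !dnat) exit 2
            exit((acc < dnat) ? 0 : 1)
        }'
}

# Constructed listing: exemption first (the order given in the reply).
sample_good() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -d 10.22.1.1/32 -j ACCEPT
-A PREROUTING -d 10.22.1.0/24 -j DNAT --to-destination 10.22.2.2
EOF
}

# Constructed listing: same rules reversed, so 10.22.1.1 is DNATed too.
sample_bad() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -d 10.22.1.0/24 -j DNAT --to-destination 10.22.2.2
-A PREROUTING -d 10.22.1.1/32 -j ACCEPT
EOF
}

for s in sample_good sample_bad; do
    if $s | exemption_precedes_dnat 10.22.1.1 10.22.1.0/24; then
        echo "$s: exemption is evaluated first"
    else
        echo "$s: 10.22.1.1 is not exempted ahead of the DNAT rule"
    fi
done
```

On a live host, pipe the output of `iptables -t nat -S PREROUTING` (run as root) into the function instead of the sample listings.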