Is there no reason to be wary of the 'ACCEPT' statement? I did read this in the tutorial (I think), but isn't ACCEPT a terminating action? Sorry to be a pest.

Bob

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Antony Stone
Sent: Wednesday, November 12, 2003 4:47 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Range of IP's with Exclusions

On Wednesday 12 November 2003 10:31 pm, bmcdowell@xxxxxxxxxxxxxxxxxx wrote:

> iptables -t nat -A PREROUTING -d 10.22.1.3 -j DNAT --to 10.22.2.2
> iptables -t nat -A PREROUTING -d 10.22.1.4 -j DNAT --to 10.22.2.2
> iptables -t nat -A PREROUTING -d 10.22.1.5 -j DNAT --to 10.22.2.2
> iptables -t nat -A PREROUTING -d 10.22.1.6 -j DNAT --to 10.22.2.2
> (etc.)
>
> ...but that is a bit of a pain.
>
> I keep trying to type in something like:
>
> iptables -t nat -A PREROUTING -d 10.22.1.0/24,! 10.22.1.1 -j DNAT
> --to 10.22.2.2
>
> ...but iptables complains.

Try these two rules, in this order:

iptables -t nat -A PREROUTING -d 10.22.1.1 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.22.1.0/24 -j DNAT --to 10.22.2.2

The first will match the address you don't want to DNAT, and only other addresses will match the second rule.

Antony.

--
If builders built buildings the way programmers write programs, then the first woodpecker that came along would destroy civilisation.

Please reply to the list; please don't CC me.
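The following is an added example, not part of the thread: a small POSIX sh model of first-match traversal of the nat PREROUTING chain, so the effect of Antony's rule order (and of the reverse order) can be checked without root or iptables. The rule lists, the CIDR matcher and the result strings are assumptions of this model.

```shell
#!/bin/sh
# Model of iptables first-match semantics for the nat PREROUTING chain.
# Not iptables itself: a chain is given as one rule per line,
# "<destination> <target> [arg]", and the first matching rule decides.

# Convert a dotted quad to an integer for mask arithmetic.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True if address $1 lies inside $2 (CIDR such as 10.22.1.0/24, or a bare host).
in_cidr() {
    addr=$1; cidr=$2
    case $cidr in */*) ;; *) cidr="$cidr/32" ;; esac   # bare host -> /32
    net=${cidr%/*}; bits=${cidr#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$addr") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Walk chain $1 for a packet with destination $2; print the decision.
# Both ACCEPT and DNAT are terminating here: the rest of the nat chain is
# skipped. ACCEPT ends only this table's chain; the packet still passes
# through the filter table afterwards.
nat_prerouting() {
    dst=$2
    result=$(printf '%s\n' "$1" | while read -r match target arg; do
        [ -n "$match" ] || continue
        if in_cidr "$dst" "$match"; then
            case $target in DNAT) echo "DNAT:$arg" ;; *) echo "$target" ;; esac
            break
        fi
    done)
    echo "${result:-NOMATCH}"   # chain policy: packet leaves untouched
}

# Antony's order: the exclusion first, then the /24 DNAT rule.
RIGHT_ORDER='10.22.1.1 ACCEPT
10.22.1.0/24 DNAT 10.22.2.2'

# Reverse order for comparison: the /24 rule swallows 10.22.1.1 first.
WRONG_ORDER='10.22.1.0/24 DNAT 10.22.2.2
10.22.1.1 ACCEPT'

for dst in 10.22.1.1 10.22.1.3 10.22.2.9; do
    echo "right order, dst $dst: $(nat_prerouting "$RIGHT_ORDER" "$dst")"
    echo "wrong order, dst $dst: $(nat_prerouting "$WRONG_ORDER" "$dst")"
done
```

With the rules in Antony's order 10.22.1.1 hits ACCEPT and is never rewritten, while any other host in 10.22.1.0/24 is DNATed; swap the two rules and 10.22.1.1 is DNATed as well.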