On Fri, 2004-01-30 at 05:25, Antony Stone wrote:
> On Thursday 29 January 2004 2:02 pm, Srinivasa Hebbar wrote:
>
> > Hello,
> >
> > I believe that the NAT PREROUTING and POSTROUTING will
> > always take place for all the incoming/outgoing packets
> > irrespective of whether the packet is destined to the node or not.
> >
> > I have a situation that if the dest. IP address of the packet is
> > for the local node, then apply NAT rule, otherwise it should simply
> > forward the packet according to the routing table.
> >
> > How can I achieve the above?
>
> Place the destination address in the nat rule, eg:
>
> iptables -A PREROUTING -t nat -d ! my.ip.add.ress -j DNAT --to a.b.c.d
>
> This means "destination nat all packets which are not addressed to
> my.ip.add.ress and send them to a.b.c.d".
>
> Regards,
>
> Antony.

This is true but she went on to state in a later e-mail that she has
many interfaces and needs to exclude two. That's a gnarly problem I've
run into many times with the limitation of only being able to specify a
single address/subnet (or a contiguous range with iprange) in
destination and source.

I suggested using a RETURN target to bypass processing for the two
excluded interfaces although I was surprised to not find RETURN in my
man page. I hope I wasn't having a premature senior moment when I
recalled the RETURN target!

Thanks - John
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
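
The RETURN approach described in the message above, as an added example that is not part of the original post: one RETURN rule per excluded destination is appended ahead of a catch-all DNAT rule, so packets for those destinations leave the nat PREROUTING chain untranslated and are handled by normal routing. The addresses are constructed documentation values and the helper names `is_ipv4` and `nat_rules` are hypothetical; the script validates every address first and only prints the commands, so a typo cannot leave the catch-all DNAT in place without its exclusions.

```shell
#!/bin/sh
# Added example. Addresses are constructed documentation values (RFC 5737).

# is_ipv4 ADDR[/PREFIX]: succeed only for a syntactically valid IPv4 address.
is_ipv4() {
    case "$1" in
        */*) addr=${1%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_rules DNAT_TARGET EXCLUDED_DST...
# Prints the rule set; nothing is printed unless every argument is valid.
nat_rules() {
    target=$1; shift
    case "$target" in */*) echo "DNAT target must be a single host" >&2; return 1 ;; esac
    is_ipv4 "$target" || { echo "bad DNAT target: $target" >&2; return 1; }
    for dst in "$@"; do
        is_ipv4 "$dst" || { echo "bad excluded address: $dst" >&2; return 1; }
    done
    # RETURN rules go first: a match stops traversal of PREROUTING, so the
    # packet never reaches the DNAT rule appended after them.
    for dst in "$@"; do
        echo "iptables -t nat -A PREROUTING -d $dst -j RETURN"
    done
    echo "iptables -t nat -A PREROUTING -j DNAT --to-destination $target"
}

# Constructed sample: DNAT to 192.0.2.10, excluding two destinations.
nat_rules 192.0.2.10 198.51.100.1 198.51.100.2
```

Rule order is what makes this work: the RETURN rules must be listed before the DNAT rule in the chain, which `iptables -t nat -L PREROUTING -n --line-numbers` will confirm after loading.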