On Friday 30 January 2004 12:23 pm, John A. Sullivan III wrote:

> On Fri, 2004-01-30 at 05:25, Antony Stone wrote:
> >
> > Place the destination address in the nat rule, eg:
> >
> > iptables -A PREROUTING -t nat -d ! my.ip.add.ress -j DNAT --to a.b.c.d
> >
> > This means "destination nat all packets which are not addressed to
> > my.ip.add.ress and send them to a.b.c.d".
>
> This is true but she went on to state in a later e-mail that she has
> many interfaces and needs to exclude two. That's a gnarly problem I've
> run into many times with the limitation of only being able to specify a
> single address/subnet (or a contiguous range with iprange) in
> destination and source.
>
> I suggested using a RETURN target to bypass processing for the two
> excluded interfaces although I was surprised to not find RETURN in my
> man page. I hope I wasn't having a premature senior moment when I
> recalled the RETURN target! Thanks - John

Oh, okay - try using ACCEPT in the nat table to stop packets continuing to
later rules.

RETURN is only valid for user-defined chains (I think).

Regards,

Antony.

-- 
Behind the counter a boy with a shaven head stared vacantly into space, a
dozen spikes of microsoft protruding from the socket behind his ear.
 - William Gibson, Neuromancer (1984)

Please reply to the list; please don't CC me.
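
The ACCEPT approach from the reply above, applied to the "exclude two addresses" case, as an added example that is not part of the original thread. The function name `nat_exclude_rules` and all addresses (RFC 5737 documentation ranges) are assumptions; the function only prints the commands so the rule order can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example; nat_exclude_rules is a hypothetical helper and every
# address below is a constructed placeholder.

# Print nat PREROUTING rules: one ACCEPT per excluded destination,
# followed by the catch-all DNAT. Order matters: ACCEPT is a terminating
# target, so a packet matching it never reaches the later DNAT rule and
# leaves the nat table untranslated.
nat_exclude_rules() {
    dnat_to=$1
    shift
    # Validate everything first so a bad argument emits no partial ruleset.
    # Only digits, dots and a CIDR slash are allowed, which keeps a typo or
    # stray shell metacharacter out of the generated commands.
    for addr in "$dnat_to" "$@"; do
        case $addr in
            ''|*[!0-9./]*)
                echo "bad address: $addr" >&2
                return 1
                ;;
        esac
    done
    for addr in "$@"; do
        echo "iptables -t nat -A PREROUTING -d $addr -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -j DNAT --to-destination $dnat_to"
}

# Dry run: DNAT everything to 198.51.100.10 except traffic addressed to
# 192.0.2.1 and 192.0.2.2. Review the output, then pipe it to sh as root.
nat_exclude_rules 198.51.100.10 192.0.2.1 192.0.2.2
```

Because the rules are appended with `-A`, run this against an empty PREROUTING chain or check `iptables -t nat -L PREROUTING -n --line-numbers` afterwards to confirm the ACCEPT rules sit above the DNAT rule.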