On Thursday 19 February 2004 4:23 pm, John Black wrote:

> >this assumption is because you're saying 161.x.x.x/21 as destination,
> >all other destinations that doesn't belong to 161.x.x.x to
> >161.x.x+8.x+255 will be not nat'ed
>
> right now I just have 1 class C private network.
>
> At work I have a static class B ipaddress of 161.x.x.x/255.255.252.0 with
> the private class C network 192.168.0.0/255.255.255.0

We are talking about the *destination* address of your packets.

The SNAT rule you currently have:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -d 161.x.x.x/21 -j SNAT --to 161.x.x.x

Says:

- for packets which have a source address in the range 192.168.0.0/24
- and are going out of interface eth0
- and have a destination address in the range 161.x.x.x/21

translate the source address to 161.x.x.x

Any other packets (eg: ones with a destination address of the netfilter
website server) will not match this rule, and will not be translated.

I think you simply need to remove the "-d 161.x.x.x/21" from your rule and
things will start working the way you want.

Regards,

Antony.

-- 
Ramdisk is not an installation procedure.

Please reply to the list; please don't CC me.
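
The rule matching described in the reply above, modelled in Python as an added example that is not part of the original message or of netfilter itself. It covers only the -s, -o and -d criteria and first-match behaviour; the addresses are constructed placeholders (198.18.0.0/21 stands in for the redacted 161.x.x.x/21, 203.0.113.80 for an outside server).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    out_if: str

@dataclass
class SnatRule:
    to_source: str
    src_net: Optional[str] = None  # -s; None means "any"
    out_if: Optional[str] = None   # -o
    dst_net: Optional[str] = None  # -d

    def matches(self, pkt: Packet) -> bool:
        # Every criterion present on the rule must match (logical AND).
        if self.src_net and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.out_if and pkt.out_if != self.out_if:
            return False
        if self.dst_net and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        return True

def postrouting(rules, pkt):
    """Source address after the chain: first matching rule wins, else unchanged."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.to_source
    return pkt.src

# Constructed placeholders: 198.18.0.0/21 stands in for the redacted 161.x.x.x/21.
PUBLIC_NET, PUBLIC_IP = "198.18.0.0/21", "198.18.0.1"
WITH_D = [SnatRule(PUBLIC_IP, "192.168.0.0/24", "eth0", PUBLIC_NET)]
WITHOUT_D = [SnatRule(PUBLIC_IP, "192.168.0.0/24", "eth0")]

SAMPLES = [  # constructed packets
    Packet("192.168.0.10", "198.18.3.7", "eth0"),    # destination inside the /21
    Packet("192.168.0.10", "203.0.113.80", "eth0"),  # outside server
    Packet("192.168.0.10", "203.0.113.80", "eth1"),  # leaves by another interface
]

def compare():
    """(dst, out_if, source with -d, source without -d) for each sample packet."""
    return [(p.dst, p.out_if, postrouting(WITH_D, p), postrouting(WITHOUT_D, p)) for p in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second sample is the case from the thread: with -d present the packet leaves eth0 still carrying its 192.168.0.x source, and without -d it is translated.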