On Wednesday 25 February 2004 10:40 pm, Michael Brown wrote:

> How can I specify a SNAT rule to exclude multiple destination networks?

Create a user-defined list which checks for the excluded networks, and then
does the SNAT at the end (for all addresses which didn't match).

> Is there a way to do something like
>
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -s
> 172.28.22.0/255.255.255.0 -d ! 172.0.0.0/8,10.0.0.0/8,192.168.0.0/16 -j
> SNAT --to-source 64.243.144.209
>
> I've tried spaces between the networks, commas, semi-colon, nada

No; as you've discovered, you can't have multiple matches (either with or
without the !).

Try:

    iptables -N MYSNAT -t nat
    iptables -A POSTROUTING -t nat -s 172.28.22.0/24 -j MYSNAT
    iptables -A MYSNAT -t nat -d 10.0.0.0/8 -j RETURN
    iptables -A MYSNAT -t nat -d 172.16.0.0/12 -j RETURN
    iptables -A MYSNAT -t nat -d 192.168.0.0/16 -j RETURN
    iptables -A MYSNAT -t nat -j SNAT --to 64.243.144.209

Antony.

-- 
"The joy of X!!?? I've always hated compiling graphical shite. You have a
10 line program, and it ends up depending on the entire known universe."
 - Philip Hands

Please reply to the list; please don't CC me.
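
Added example, not part of the original message: a POSIX shell helper that prints the exclusion chain described above for any list of destinations, accepting the comma-separated form tried in the question and emitting one RETURN rule per network. The function name `gen_snat_exclude` and its argument order are assumptions; it only prints commands and changes nothing on the host.

```shell
#!/bin/sh
# Added example: prints iptables commands for "SNAT unless the destination
# is in an excluded network". Nothing is executed; review the output, then
# pipe it to sh as root to apply it.
# gen_snat_exclude and its argument order are hypothetical, not an iptables feature.

# usage: gen_snat_exclude CHAIN SRC_NET SNAT_ADDR "NET[,NET...]"
gen_snat_exclude() {
    [ "$#" -eq 4 ] || { echo "usage: gen_snat_exclude CHAIN SRC SNAT_ADDR NETS" >&2; return 2; }
    chain=$1 src=$2 to=$3 list=$4

    # Allow only digits, dots, slashes and the separators (comma, space).
    # This also keeps shell glob characters out of the word splitting below.
    case $list in
        *[!0-9./,\ ]*) echo "unexpected character in network list" >&2; return 1 ;;
    esac

    # iptables takes one network per -d here, so split the list into words.
    set -- $(printf '%s' "$list" | tr ',' ' ')
    [ "$#" -gt 0 ] || { echo "no excluded networks given" >&2; return 1; }

    # Validate every entry first so a bad one never yields a partial ruleset.
    for net in "$@"; do
        case $net in
            */*/*) echo "bad network: $net" >&2; return 1 ;;
            */*)   ;;
            *)     echo "missing prefix length: $net" >&2; return 1 ;;
        esac
    done

    echo "iptables -t nat -N $chain"
    echo "iptables -t nat -A POSTROUTING -s $src -j $chain"
    for net in "$@"; do
        # RETURN leaves the chain before the SNAT rule: no translation.
        echo "iptables -t nat -A $chain -d $net -j RETURN"
    done
    # Anything that did not match an excluded network gets translated.
    echo "iptables -t nat -A $chain -j SNAT --to-source $to"
}

# Values taken from the thread above.
gen_snat_exclude MYSNAT 172.28.22.0/24 64.243.144.209 \
    "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
```

Rule order matters: the RETURN rules must precede the SNAT rule, which is why the helper always prints the SNAT line last.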