On Tuesday 16 March 2004 3:58 pm, Jose Luis Faria wrote:

> Hello,
>
> I have a firewall inside my organization, but I want to preserve some
> source IPs, and the rest must be SNATed:
>
> the host 1 and host 2 must arrive to the license server with the original
> IP (192.168.0.1/2) and the other hosts must be translated with SNAT into
> 193.137.1.1.

I assume you currently have a POSTROUTING rule:

    iptables -A POSTROUTING -t nat -o $extIF -j SNAT --to 193.137.1.1

Well, simply put two rules in front of this:

    iptables -I POSTROUTING -t nat -s 192.168.0.1 -d a.b.c.d -j ACCEPT
    iptables -I POSTROUTING -t nat -s 192.168.0.2 -d a.b.c.d -j ACCEPT

Where a.b.c.d is the IP address of the licence server.

Make sure the routing table on the licence server knows how to send packets to
192.168.0.1 correctly.

Antony.

-- 
If builders made buildings the way programmers write programs, then the first
woodpecker to come along would destroy civilisation.

Please reply to the list; please don't CC me.
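
The rule ordering described in the reply above, as an added example that is not part of the original message: a small first-match model of the nat POSTROUTING chain that reports which source address a destination sees. It assumes 198.51.100.10 as a constructed stand-in for the licence server (a.b.c.d), uses the literal name extIF for the outbound interface, and `post_nat_src` is a hypothetical helper, not an iptables command.

```shell
#!/bin/sh
# First-match model of the nat POSTROUTING chain (added example).
# Simplifications: exact-address matching only; the -o interface match is
# treated as always true (the packet is assumed to leave via $extIF).
LICENCE=198.51.100.10   # constructed stand-in for a.b.c.d

# Chain order after the three commands in the reply, in `iptables -S` style.
# -I prepends, so the rule inserted last (192.168.0.2) ends up first.
RULES="-A POSTROUTING -s 192.168.0.2 -d $LICENCE -j ACCEPT
-A POSTROUTING -s 192.168.0.1 -d $LICENCE -j ACCEPT
-A POSTROUTING -o extIF -j SNAT --to-source 193.137.1.1"

# post_nat_src SRC DST [RULES]: print the source address the destination sees.
post_nat_src() {
    src=$1 dst=$2 rules=${3:-$RULES}
    result=$(
        printf '%s\n' "$rules" | while IFS= read -r rule; do
            set -- $rule                 # split the rule into words
            s= d= target= to=
            while [ $# -gt 0 ]; do
                case $1 in
                    -s) s=$2; shift ;;
                    -d) d=$2; shift ;;
                    -j) target=$2; shift ;;
                    --to-source) to=$2; shift ;;
                esac
                shift
            done
            # A rule without -s / -d matches any address.
            [ -n "$s" ] && [ "$s" != "$src" ] && continue
            [ -n "$d" ] && [ "$d" != "$dst" ] && continue
            # First match wins: ACCEPT ends traversal with no NAT mapping.
            case $target in
                ACCEPT) echo "$src" ;;
                SNAT)   echo "$to" ;;
            esac
            break
        done
    )
    # No rule matched: chain policy ACCEPT, source unchanged.
    echo "${result:-$src}"
}
```

On the real firewall, `iptables -t nat -L POSTROUTING -n -v --line-numbers` shows the actual rule order and per-rule packet counters to compare against this model.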