On Wednesday 31 March 2004 10:21 pm, Antony Stone wrote:

> > MASQs="192.168.0.2 192.168.0.102"
> >
> > for MASQ in $MASQs;
> > do
> >     iptables -t nat -A POSTROUTING -s $MASQ -o ppp0 -j MASQUERADE
> > done
>
> The reason why this doesn't work is that it creates two rules for you; the
> first one says "for any address other than 192.168.0.2, MASQUERADE", the
> second one says "for any address other than 192.168.0.102, MASQUERADE".
> Every single address will match at least one of those rules, therefore
> everything gets MASQUERADEd.

Sorry! I quoted the wrong section from your rules to give this explanation.
I should have quoted this loop instead (the one with the negation):

> for MASQ in $MASQs;
> do
>     iptables -t nat -A PREROUTING -s ! $MASQ -p tcp --dport 80 -j REDIRECT --to-port 8080
> done

Hopefully you can see the logic of what I explained earlier, and how it
applies to these two rules, even though I misquoted previously.

Oops :)

Antony.

-- 
How I want a drink, alcoholic of course, after the heavy chapters involving
quantum mechanics.

 - 3.14159265358979

Please reply to the list;
please don't CC me.
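
The logic explained in the message above, as an added example that is not part of the original post: a shell model of first-match evaluation over the two negated rules, next to a model of an exemption chain that skips the listed hosts. The exemption-chain rules it prints and the chain name PROXY are assumptions, not taken from the thread, and 192.168.0.50 is a constructed test address.

```shell
#!/bin/sh
# The two exempt hosts from the quoted loop.
MASQs="192.168.0.2 192.168.0.102"

# Model of the quoted loop: one "-s ! $MASQ ... -j REDIRECT" rule per
# address, evaluated top to bottom; the first matching rule decides.
negated_rules_verdict() {
    src=$1
    for MASQ in $MASQs; do
        if [ "$src" != "$MASQ" ]; then   # "-s ! $MASQ" matches
            echo REDIRECT
            return
        fi
    done
    echo PASS   # unreachable once the list holds two different addresses
}

# Model of an exemption chain (assumed fix): RETURN for each listed
# address first, then a single unconditional REDIRECT for everyone else.
exempt_chain_verdict() {
    src=$1
    for MASQ in $MASQs; do
        if [ "$src" = "$MASQ" ]; then    # "-s $MASQ -j RETURN" matches
            echo PASS
            return
        fi
    done
    echo REDIRECT
}

# Print the rules the second model stands for. PROXY is a hypothetical
# user-defined chain name; nothing is applied to the running firewall.
print_exempt_chain_rules() {
    echo "iptables -t nat -N PROXY"
    for MASQ in $MASQs; do
        echo "iptables -t nat -A PROXY -s $MASQ -j RETURN"
    done
    echo "iptables -t nat -A PROXY -p tcp --dport 80 -j REDIRECT --to-port 8080"
    echo "iptables -t nat -A PREROUTING -p tcp --dport 80 -j PROXY"
}

# Constructed sample sources: both exempt hosts and one ordinary client.
for src in 192.168.0.2 192.168.0.102 192.168.0.50; do
    echo "$src negated=$(negated_rules_verdict "$src") chain=$(exempt_chain_verdict "$src")"
done
print_exempt_chain_rules
```
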