Firstly, what benefit are you trying to get from having multiple jumps on the same subnet? It seems needlessly complicated.

You can 'bounce' off an interface with some dirty work. Example:

# Redirect all traffic coming from 192.168.1.* to 192.168.1.222, assuming that
# 192.168.1.222 is the default gateway for this gateway. I am assuming the
# internal IP address of this computer is 192.168.1.200

# You don't need the mark, but what the hell, it's there if you like it :-)
iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -j MARK --set-mark 222
iptables -t nat -A POSTROUTING -d 192.168.1.222 -m mark --mark 222 -j SNAT --to 192.168.1.200

# Allow in-out forwarding if using locked down FORWARD chain
iptables -t filter -A FORWARD -i eth1 -o eth1 -j ACCEPT

Mind you, because of the SNAT, you have to drop the benefit of knowing the source address at the second gateway.

-----Original Message-----
From: decompose [mailto:decompose@xxxxxxxxxxxx]
Sent: Wednesday, March 31, 2004 10:47 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: I'm sure you can solve this

Hi

I've read the docs and still can't work it out (Yes I'm stupid)

Background:
I want to forward traffic from hosts on the switch through router A to router B (and later from router B to a host on the switch, but I guess I could just invert the first problem).

I think one of the reasons I'm having trouble with this is because all hosts are on the same subnet (here is the setup)

[switch]-->[router A]-->[router B]-->(Inet)
192.168.0/24

I've tried various things, this being one of them (where x is a host on the switch)

iptables -t mangle -A POSTROUTING -p tcp -s 192.168.0.x -d 192.168.0.223 --destination-port 80

I hope my question is clear enough.
Thanks in advance
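
The three rules from the reply at the top of this thread, modelled in Python as an added example (not code from either poster): it evaluates the MARK, FORWARD and SNAT matches over constructed flows and shows several clients collapsing into one source address at the second gateway. The function names, the sample flows and the DROP policy on FORWARD are assumptions.

```python
import ipaddress

# Addresses taken from the reply; the /24 is the 192.168.1.* range its comment names.
GATEWAY_A = ipaddress.ip_address("192.168.1.200")  # the box running the rules
GATEWAY_B = ipaddress.ip_address("192.168.1.222")  # the second gateway
MARK_NET = ipaddress.ip_network("192.168.1.0/24")
MARK = 222


def traverse(src, dst, in_if="eth1", out_if="eth1"):
    """Return what leaves gateway A for one new connection, or None if dropped.

    Assumption: the packet is routed through A and FORWARD has a DROP policy
    with the reply's eth1 -> eth1 ACCEPT as its only rule.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # mangle PREROUTING: -s 192.168.1.0/24 -j MARK --set-mark 222
    mark = MARK if src in MARK_NET else 0
    # filter FORWARD: -i eth1 -o eth1 -j ACCEPT
    if (in_if, out_if) != ("eth1", "eth1"):
        return None
    # nat POSTROUTING: -d 192.168.1.222 -m mark --mark 222 -j SNAT --to 192.168.1.200
    snat = dst == GATEWAY_B and mark == MARK
    return {"orig_src": str(src), "dst": str(dst),
            "seen_src": str(GATEWAY_A if snat else src), "snat": snat}


def sources_seen_at_b(flows):
    """Group original clients by the source address gateway B would log."""
    seen = {}
    for src, dst in flows:
        out = traverse(src, dst)
        if out and out["dst"] == str(GATEWAY_B):
            seen.setdefault(out["seen_src"], set()).add(out["orig_src"])
    return seen


# Constructed sample flows (src, dst); not taken from the thread.
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.1.222"),
    ("192.168.1.11", "192.168.1.222"),
    ("192.168.1.12", "198.51.100.7"),   # marked, but dst is not gateway B
    ("10.0.0.5", "192.168.1.222"),      # outside the marked range: no SNAT
]

if __name__ == "__main__":
    for seen, origs in sources_seen_at_b(SAMPLE_FLOWS).items():
        print(f"gateway B sees {seen} for clients {sorted(origs)}")
```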