On Thu, 2004-12-09 at 12:22, Irvin, Michael Thad wrote: > I'm kinda new at this iptables thing. I've been running into a problem with > trying to NAT for a class C subnetted class A network...i.e. 10.168.1.0/24. > The syntax I've been using is as follows -- $ipt -t nat -A POSTROUTING -o > $outside -j SNAT -to-source $lan, with the variable $lan = "10.168.1.0/24". > Everytime I've ran the script I get the following error <iptables v.x.x.x > Bad IP Address. Can anyone please help me with the proper syntax to make > this work? I've tried various options such the one above, also including > the whole subnetmask and playing around with different delimitation > options, nothing seems to work. <snip> I generally use the NETMAP patch from patch-o-matic for this. SNAT/DNAT does not necessarily create a straight mapping of addresses as far as I know whereas NETMAP does. In fact we use it all the time in the ISCS network security project (http://iscs.sourceforge.net) to resolve conflicting IP address space problems. Hope this helps - John -- John A. Sullivan III Open Source Development Corporation Financially sustainable open source development http://www.opensourcedevel.com
