Re: ipset question

On Sat, 2004-12-11 at 10:39, Jozsef Kadlecsik wrote:
> Hi,
> 
> On Fri, 10 Dec 2004, Brett Oster wrote:
> 
> > I'm looking for a way to make my iptables rules more manageable, and so
> > I am attempting to use ipset.  However, I am not sure if it does what I
> > am trying to do.   I have many subnets that need to be SNATed
> > differently depending upon their destination.  As a test, I made two
> > iphash sets and loaded in one of my sets of sources and one set of
> > destinations.  However, when I try to apply the iptables rule, I get the
> > error:
> >
> > iptables v1.3.0: Unknown arg `destination'
> >
> > I am running 2.6.9 with the most current iptables, pom, and ipset from
> > Jozsef Kadlecsik's website
> > (http://people.netfilter.org/kadlec/ipset/install.html)
> 
> You are using the old ipset binary. From the URL above you can download
> ipset 2.0. Do you have two binaries installed at different locations
> and the old one is found according to your PATH settings?
> 
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>           H-1525 Budapest 114, POB. 49, Hungary

I have ipset 2.0, I compiled it when I compiled the new iptables and
kernel, and I have no old binary on that system.  As far as I can tell,
ipset is working ok.  I think my problem is that I am not sure how to
correctly phrase the iptables line.  I tried a few variations on this:
"iptables -t nat -A POSTROUTING -m set --set sources src -m set --set
destination dst -j SNAT --to-source <IP ADDRESS>", however, I've not
gotten it correct yet.  Please let me know if what I'm trying to do is
possible, and if it is, how to properly phrase it.

Thanks for your help.
Brett Oster


