Jason, So I would do something like [0:0] -A PREROUTING -d 66.121.12.64/26 -j NETMAP --to 10.0.12.64/26 Instead of: [0:0] -A PREROUTING -d 66.121.12.64 -j DNAT --to-destination 10.0.12.64 And [0:0] -A POSTROUTING -d 10.0.12.64/26 -j NETMAP --to 66.121.12.64/26 Instead of: [0:0] -A POSTROUTING -o eth0 -s 10.0.12.64 -j SNAT --to-source 66.121.12.64 And [0:0] -A OUTPUT -d 66.121.12.64/26 -j NETMAP --to OUTPUT 10.0.12.64/26 Instead of: [0:0] -A OUTPUT -d 66.121.12.64 -j DNAT --to-destination 10.0.12.64 Is this correct? Please note, not valid external IP's... > -----Original Message----- > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter- > bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jason Opperisano > Sent: Thursday, April 14, 2005 10:29 AM > To: netfilter@xxxxxxxxxxxxxxxxxxx > Subject: Re: DNAT/SNAT question > > > this is the job of the NETMAP target. and you would do it in two rules, > one POSTROUTING (SNAT), and one PREROUTING (DNAT). > > HTH... > > -j > > -- > "Stewie: HA! That's so funny I forgot to laugh! Excluding that first > 'ha.'" > --Family Guy
