No problem. You've already done a lot to help put the whole thing under control. Maybe that would be a nice enhancement to the NETMAP in the future... There's always hoping anyways.

Gary

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jason Opperisano
Sent: Thursday, April 14, 2005 4:40 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: DNAT/SNAT question

On Thu, Apr 14, 2005 at 04:28:00PM -0700, Gary W. Smith wrote:
> I cleared and reloaded everything and it's now returning an Invalid
> argument error.
>
> Fine:
> iptables -t nat -A PREROUTING -d 88.44.55.8/29 -j NETMAP --to 10.20.30.8/29
> iptables -t nat -A POSTROUTING -s 10.20.30.8/29 -j NETMAP --to 88.44.55.8/29
>
> Error:
> iptables -t nat -A OUTPUT -d 88.44.55.8/26 -j NETMAP --to 10.20.30.8/29
> iptables: Invalid argument
>
> Almost there.

aww crap--i had to go and open my big fat mouth without looking at the dang help file...

NETMAP is only valid in PREROUTING and POSTROUTING...so no dice in OUTPUT...

looks like you gotta go the old 'for loop' route:

  for i in `seq 8 127`; do
    iptables -t nat -A OUTPUT -d 88.44.55.${i} -j DNAT --to 10.20.30.${i}
  done

sorry 'bout that...

-j

--
"Lois: Meg, I'm like one of those bald eagles you see on the Discovery Channel. Beautiful to look at, but mess with one of my chicks and I'll claw your fucking eyes out. Now who wants a cookie?
Stewie: I do. Ooh, keep talking. All this talk about eye-gouging has got me all frisky."
--Family Guy
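
The per-address workaround discussed in this thread, generalised as an added example that is not part of either poster's message: it prints one OUTPUT-chain DNAT rule for every address in a prefix, keeping the host bits the way NETMAP does in PREROUTING. The function names are hypothetical, and the demo call assumes the /29 pair from the working NETMAP rules quoted above; nothing is applied, the rules are only written to stdout for review.

```shell
#!/bin/sh
# Added example (not from the thread): emulate a NETMAP prefix mapping in the
# nat OUTPUT chain with one DNAT rule per address. Rules are printed, not applied.

# Dotted quad -> 32-bit integer; exits non-zero on malformed input.
ip2int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0[0-9]*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# output_dnat_rules PUBLIC/LEN PRIVATE/LEN
# Both networks must use the same prefix length, as a NETMAP pair would.
output_dnat_rules() (
    pub=${1%/*}; plen=${1#*/}
    priv=${2%/*}; qlen=${2#*/}
    case $plen in ''|*[!0-9]*) echo "bad prefix length" >&2; exit 1 ;; esac
    [ "$plen" = "$qlen" ] || { echo "prefix lengths differ" >&2; exit 1; }
    # Assumed limit: /16 or longer, so at most 65536 rules are generated.
    { [ "$plen" -ge 16 ] && [ "$plen" -le 32 ]; } || { echo "prefix out of range" >&2; exit 1; }
    p=$(ip2int "$pub") && q=$(ip2int "$priv") || { echo "bad address" >&2; exit 1; }
    hosts=$(( 1 << (32 - plen) ))
    mask=$(( 4294967295 ^ (hosts - 1) ))
    p=$(( p & mask )); q=$(( q & mask ))   # drop stray host bits from the bases
    h=0
    while [ "$h" -lt "$hosts" ]; do
        echo "iptables -t nat -A OUTPUT -d $(int2ip $(( p | h ))) -j DNAT --to-destination $(int2ip $(( q | h )))"
        h=$(( h + 1 ))
    done
)

# Demo with the /29 pair from the NETMAP rules in the thread (8 rules).
output_dnat_rules 88.44.55.8/29 10.20.30.8/29
```

Redirect the output to a file and read it before feeding it to a shell as root, since every printed line is a live iptables command.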