On Thu, Jun 09, 2005 at 01:14:34PM -0400, tech@xxxxxxxxxxxxxxxxxxxxxx wrote:
> Hi Everyone,
> I have a somewhat unusual requirement here. Please let me know if it is
> not clear enough.
>
> From inside a firewall connected to the internet on outside, I would like
> for all outgoing packets that their destination ports be rewritten in
> addition to being natted.
>
>
> e.g
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 --dport=8080 \
>   -j SNAT -o eth0 --to-source $external_ip --dport=80.

close--mapping the destination port is the job of DNAT, not SNAT:

  # map requests to tcp port 8080 to port 80
  iptables -t nat -A PREROUTING -i $INSIDE_IF -p tcp -s 192.168.0.0/24 \
    --dport 8080 -j DNAT --to :80

  # snat outbound packets
  iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 \
    -j SNAT --to-source $external_ip

-j

--
"Peter: It's OK, Meg. Your mom is full of Christmas cheer and enough
tranquilizer to take down an elephant."
  --Family Guy
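
Added example, not part of the original message: a simplified Python model of how the DNAT and SNAT rules in the reply rewrite one connection, and how connection tracking reverses both translations on the reply packet. The addresses 192.168.0.5, 198.51.100.7 and 203.0.113.10 (standing in for $external_ip) are constructed sample values; the model ignores interfaces and the protocol match.

```python
import ipaddress
from typing import NamedTuple, Optional

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")
EXTERNAL_IP = "203.0.113.10"  # constructed stand-in for $external_ip

def prerouting_dnat(p: Pkt) -> Pkt:
    """Models: -s 192.168.0.0/24 -p tcp --dport 8080 -j DNAT --to :80"""
    if ipaddress.ip_address(p.src) in INSIDE_NET and p.dport == 8080:
        return p._replace(dport=80)  # ":80" changes the port, keeps the address
    return p

def postrouting_snat(p: Pkt) -> Pkt:
    """Models: -s 192.168.0.0/24 -j SNAT --to-source $external_ip"""
    if ipaddress.ip_address(p.src) in INSIDE_NET:
        return p._replace(src=EXTERNAL_IP)  # assumes the source port is free
    return p

class Conntrack:
    """Maps the reply tuple seen on the wire back to the original tuple."""

    def __init__(self) -> None:
        self.table = {}

    def outbound(self, orig: Pkt) -> Pkt:
        # DNAT runs before routing, SNAT after it, on the first packet only.
        wire = postrouting_snat(prerouting_dnat(orig))
        # Expected reply: the wire packet with source and destination swapped.
        reply_key = Pkt(wire.dst, wire.dport, wire.src, wire.sport)
        self.table[reply_key] = orig
        return wire

    def inbound(self, reply: Pkt) -> Optional[Pkt]:
        orig = self.table.get(reply)
        if orig is None:
            return None  # no tracked connection, so nothing is translated
        # Undo both NATs: the client sees a reply from the port it dialed.
        return Pkt(orig.dst, orig.dport, orig.src, orig.sport)
```
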