First, thank you for your answer :)
Sorry for my poor English....

OK.. let me explain again..
I'm the administrator of our school's computer lab. I have 50 static real IPs, and I have 50 computers..
But some server that we need only allows connections from 10 static IPs.
So, I wanna use SNAT, so that any 10 seats can use that server.
Is it clear?

For example,

    # SNAT pool for remaining IP's
    iptables -t nat -A POSTROUTING \
      -m iprange --src-range 192.168.0.1-192.168.0.50 \
      -j SNAT --to-source 1.1.1.1-1.1.1.10

and the rest of the 40 private IPs ( any IP, it can be 192.168.0.1, 192.168.0.8, 192.168.0.13-192.168.0.50 ) need to be mapped 1:1 to 1.1.1.10-1.1.1.50..

But I heard the iprange match module just *matches* that rule, so.. it could make NAT to 1.1.1.1:1000 from another private IP although 1.1.1.1 is already connected to 192.168.0.1... ( port NAT.. )

Could you help me?

I made a new target module that is similar to the NETMAP target. That module works like this:

    iptables -t nat -A POSTROUTING -d 192.168.0.1-192.168.0.50 -j SNAT --to 1.1.1.1-1.1.1.10

but I don't know how to move the packets to the next rule after all static IPs are used..
If all of 1.1.1.1-1.1.1.10 are connected from 10 IPs of 192.168.0.1-192.168.0.50, another IP's packets are dropped..

Sorry again for my poor English..

2005/7/14, Jason Opperisano <opie@xxxxxxxxxxx>:
>
> On Thu, Jul 14, 2005 at 07:24:28AM +0900, JinHyung Park wrote:
> > hi..
> > I want to make a new target that works like SNAT, but M:N SNAT..
> > I mean, there are 50 computers and each has a private IP like 192.168.0.x..
> > 10 computers need a specific IP of my 50 real IPs.
> > So, I want those computers to be given IPs from a given range, and the other
> > computers to follow another iptables rule.
> > For example, I have 1.1.1.1~1.1.1.50 IPs, and 1.1.1.1~1.1.1.10 are special
> > IPs..
> > and my 50 computers have a private network, 192.168.0.1~192.168.0.50,
> > some computers need a specific IP assigned ( range 1.1.1.1~1.1.1.10 ) and
> > the other 40 computers just follow other iptables rules..
> > (like,
> > iptables -t nat -A POSTROUTING -d 192.168.0.1-192.168.0.50 -j NEWTARGET --to 1.1.1.1-1.1.1.10
> > and, if all of 1.1.1.1-1.1.1.10 are used, other private computers follow
> > another rule.. )
> > I checked ipt_NETMAP.c. Just my thought: make a new target like NETMAP with
> > an idea like an IP pool, but I don't know how to pass to the next rule if all of
> > 1.1.1.1-1.1.1.10 are used. If there is no IP, just return NF_ACCEPT ? ;;
> > Do I make sense?
> > Please help me...
>
> i am surely unclear on what you're trying to do, but if the situation is
> that 192.168.0.1 - 192.168.0.10 need to be statically mapped to 1.1.1.1
> - 1.1.1.10, and the rest of the network should be mapped to the
> remaining pool of public addresses, 1.1.1.11 - 1.1.1.50, you could just
> use SNAT rules:
>
>   # one-to-one mappings for .1 - .10
>   for i in `seq 1 10`; do
>     iptables -t nat -A POSTROUTING -s 192.168.0.${i} \
>       -j SNAT --to-source 1.1.1.${i}
>   done
>
>   # SNAT pool for remaining IP's
>   iptables -t nat -A POSTROUTING \
>     -m iprange --src-range 192.168.0.11-192.168.0.254 \
>     -j SNAT --to-source 1.1.1.11-1.1.1.50
>
> i'm sure i've missed the point, but who knows--maybe not.
>
> -j
>
> --
> "Stewie: Now look here...Jo-LENE. I have an army to raise and I must
> get to Managua at once. I require a window seat and an in-flight Happy
> Meal. BUT NO PICKLES. OH, GOD HELP YOU IF I FIND PICKLES."
>   --Family Guy
>

--
-----------------------------
+82-10-3161-0419 (Korea,South)
jinhyung@xxxxxxxxx
-----------------------------
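
The pool behaviour asked about in this thread, as an added example that is not code from either message or from ipt_NETMAP.c: a user-space C model in which each of the 10 special addresses is held by exactly one private host at a time, and a host that finds the pool full gets a "go to the next rule" result instead of a shared or dropped mapping. The names `pool_map`, `pool_release`, `V_MAPPED` and `V_NEXT_RULE` are hypothetical, and the mapping of `V_NEXT_RULE` onto the kernel's continue verdict is an assumption.

```c
/* User-space model of an exclusive SNAT pool (constructed example). */
#include <stdint.h>
#include <stdio.h>
#define POOL_SIZE 10
/* Hypothetical verdict names. V_NEXT_RULE stands for the target returning
 * the "continue" verdict (assumed here: IPT_CONTINUE) instead of NF_ACCEPT. */
enum verdict { V_MAPPED, V_NEXT_RULE };
struct pool {
    uint32_t base;              /* first public address, host byte order */
    uint32_t owner[POOL_SIZE];  /* private address holding slot i, 0 = free */
};
/* Bind src to one pool address exclusively, or report that the pool is full. */
enum verdict pool_map(struct pool *p, uint32_t src, uint32_t *out)
{
    int free_slot = -1;
    for (int i = 0; i < POOL_SIZE; i++) {
        if (p->owner[i] == src) {       /* existing binding: reuse it */
            *out = p->base + (uint32_t)i;
            return V_MAPPED;
        }
        if (p->owner[i] == 0 && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return V_NEXT_RULE;             /* no address left: leave packet alone */
    p->owner[free_slot] = src;
    *out = p->base + (uint32_t)free_slot;
    return V_MAPPED;
}
/* Free the slot once the host's last connection is gone. */
void pool_release(struct pool *p, uint32_t src)
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (p->owner[i] == src)
            p->owner[i] = 0;
}

int main(void)
{
    struct pool p = { .base = 0x01010101 };          /* 1.1.1.1 */
    uint32_t pub = 0;
    for (uint32_t h = 1; h <= 12; h++) {             /* 192.168.0.1 .. .12 */
        if (pool_map(&p, 0xC0A80000u + h, &pub) == V_MAPPED)
            printf("192.168.0.%u -> 1.1.1.%u\n", (unsigned)h, (unsigned)(pub & 0xff));
        else
            printf("192.168.0.%u -> next rule\n", (unsigned)h);
    }
    return 0;
}
```

In this model hosts .11 and .12 fall through to whatever rule follows, and an address becomes available to them only after `pool_release` is called for its current owner.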