On Saturday 2005-September-03 14:28, ISC Jorge Ceron Galvan wrote:
> > > I currently have a situation that I am hoping iptables can
> > > resolve. The issue is that I need to NAT the source address based
> > > on the destination address. Is that possible with IPTables?
> >
> > Trivial.
> >
> > > if dst = 1.1.1.1 src = 10.1.1.1
> >
> > iptables -vt nat -A POSTROUTING -d 1.1.1.1 -j SNAT --to 10.1.1.1
>
> why -vt?
>
> this rule confused me, I'm a beginner;

All the more reason to RTFM, as previously suggested. Hint: the -v
option to iptables does the same thing as does the -v option to most
other command line programs.

> what about
>
> iptables -t nat -A POSTROUTING -s 10.1.1.1/24 -j SNAT --to 1.1.1.1

This is not what the OP said was wanted. That is SNAT based on the
source address, not the destination.

> iptables -t nat -A POSTROUTING -o eth0 -s 10.1.1.1/24 -j SNAT --to 1.1.1.1

Same thing, with the additional specification of output interface. You
can, of course, specify more matching options to limit the packets
selected by the rule. It *is* common to limit SNAT based upon source
address too.

> > > Can anyone give me any advice on completing that?
> >
> > "man iptables"
> >
> > Order matters. If you have a catchall SNAT rule before the specific
> > destination ones, the catchall is the one used.
> >
> > NAT != routing. If your SNAT'ed IP addresses need to go out
> > different interfaces, this won't work. See the LARTC HOWTO.
-- 
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
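
The ordering point quoted in the thread ("if you have a catchall SNAT rule before the specific destination ones, the catchall is the one used"), as an added example that is not part of the original messages: a generator that always emits destination-specific SNAT rules ahead of the catchall, plus a check that flags rules a catchall has shadowed. The function names, the second map entry and the 10.1.1.254 fallback address are constructed for illustration; `--to-source` is the full name of the SNAT target option.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses below are constructed samples.

# Loose sanity check: digits, dots and an optional /prefix only, so a map
# entry cannot smuggle extra iptables options into a rule line.
is_addr() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
    esac
}

# gen_nat_rules MAP [CATCHALL_SRC]
# MAP holds one "<destination> <source-to-use>" pair per line.
# Prints iptables-restore input; the catchall, if any, is always emitted last.
gen_nat_rules() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]'
    while read -r dst src; do
        [ -n "$dst" ] || continue
        is_addr "$dst" && is_addr "$src" || return 1
        printf '%s\n' "-A POSTROUTING -d $dst -j SNAT --to-source $src"
    done <<EOF
$1
EOF
    if [ -n "${2:-}" ]; then
        is_addr "$2" || return 1
        printf '%s\n' "-A POSTROUTING -j SNAT --to-source $2"
    fi
    printf '%s\n' 'COMMIT'
}

# shadowed_rules: read a ruleset on stdin and print every SNAT rule with -d
# that follows a SNAT rule without -d (first match wins, so it never fires).
shadowed_rules() {
    seen_catchall=0
    while read -r line; do
        case $line in
            '-A POSTROUTING'*' -d '*'-j SNAT'*)
                if [ "$seen_catchall" -eq 1 ]; then printf '%s\n' "$line"; fi ;;
            '-A POSTROUTING'*'-j SNAT'*) seen_catchall=1 ;;
        esac
    done
}

SAMPLE_MAP='1.1.1.1 10.1.1.1
2.2.2.0/24 10.1.1.2'
gen_nat_rules "$SAMPLE_MAP" 10.1.1.254
```

The output can be checked with `iptables-restore --test` before loading it. Note that `iptables-restore` replaces the existing contents of the nat table unless `--noflush` is given.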