Hello,
Jan Engelhardt wrote:
> iptables -t nat -A ydm1 -j LOG --log-prefix "[Adress got SNATed to 134.76.13.21] "
> iptables -t nat -A ydm1 -j SNAT --to 134.76.13.21
> It already was a complete example. When you SNAT, you know you do.

Not always.
- A NAT may fail due to a conflict with an existing mapping, so you
believe you SNAT but actually don't. However I do admit that this
situation is unlikely to happen when you don't restrict the port range in
the SNAT target.
- Implicit SNAT may be performed to avoid conflict with an existing
rule, so you SNAT but do not know you do.

> I rarely need ranges, mostly because it does not RR over
> them like I thought it does :(

It used to, prior to kernel version 2.6.11. And I believe it still does
in the latest 2.4 kernel. But the developers thought this behaviour was
not desirable because it broke some usages and replaced the round robin
with a hash so the same original source+destination pair always gets the
same address in the SNAT range.
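
An added illustration (not code from this thread or from the kernel) of the two selection strategies described in the last paragraph: a round robin can hand the same source+destination pair different addresses from the SNAT range, while a hash of the pair cannot. The range, the flows and the use of SHA-256 as the hash are assumptions made for the example.

```python
import hashlib
import ipaddress
from itertools import count

# Constructed SNAT range (documentation addresses, not taken from the thread).
SNAT_RANGE = [ipaddress.ip_address("192.0.2.10") + i for i in range(4)]


class RoundRobinSelector:
    """Older behaviour as described in the post: each new connection takes the next address."""

    def __init__(self, pool):
        self.pool = pool
        self._next = count()

    def pick(self, src, dst):
        # The flow's own addresses play no part in the choice.
        return self.pool[next(self._next) % len(self.pool)]


class HashSelector:
    """Newer behaviour as described in the post: the choice depends only on (src, dst)."""

    def __init__(self, pool):
        self.pool = pool

    def pick(self, src, dst):
        # SHA-256 is a stand-in (assumption); the kernel's hash function is not shown on the page.
        key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
        digest = hashlib.sha256(key).digest()
        return self.pool[int.from_bytes(digest[:4], "big") % len(self.pool)]


def addresses_seen(selector, flows):
    """Map each (src, dst) pair to the set of SNAT addresses its connections received."""
    seen = {}
    for src, dst in flows:
        seen.setdefault((src, dst), set()).add(selector.pick(src, dst))
    return seen


# Constructed traffic: two clients each open three connections to the same server.
FLOWS = [("10.0.0.5", "198.51.100.7"), ("10.0.0.6", "198.51.100.7")] * 3

if __name__ == "__main__":
    for name, sel in (("round robin", RoundRobinSelector(SNAT_RANGE)),
                      ("hash", HashSelector(SNAT_RANGE))):
        for pair, addrs in addresses_seen(sel, FLOWS).items():
            print(f"{name:11} {pair[0]} -> {pair[1]}: {sorted(map(str, addrs))}")
```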