Ajith Adapa wrote:
> Hi
>
> Sorry I have some changes in my question as I am confused initially.
>
> linuxbox (p.q.r.t)
> |
> |
> INTERNAL ------ ABCD ----- INTERNET
> (p.q.r.s) (m.n.o.k)

Please use a fixed-size font for ASCII art, otherwise it may appear all garbled to readers. Here I see linuxbox linked to INTERNET instead of ABCD, and m.n.o.k is linked to nothing.

> ABCD has 3 interfaces connected to linuxbox, INTERNAL N/W, INTERNET.
>
> I am able to ping from INTERNAL to linuxbox. So there is a path
> available in routing table.
>
> At present I am snatting the packets from linuxbox to INTERNET at
> ABCD. I have a small doubt regarding the FTP from linuxbox since I
> have to support ftp from linuxbox to both INTERNAL N/W as well as in
> INTERNET.

What kind of doubt?

> How can I write a rule in iptables present in ABCD where it can decide
> if the destination ip-address of ftp server is within INTERNAL N/W or
> in INTERNET and do natting accordingly.

What kind of rule? You can check whether the destination address is in the internal subnet or you can check the output interface. Usually, SNAT rules are based on the output interface.

Anyway, I do not see the relation with FTP. If you use FTP and NAT, you need to load the FTP conntrack and NAT helper modules (nf_conntrack_ftp and nf_nat_ftp), but you do not need to write specific NAT rules for FTP.
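Added example, not part of the original message or of any poster's configuration: a dry-run script for ABCD that SNATs by output interface and loads the FTP helpers the reply names. The interface name `eth2` and the addresses `192.0.2.10` (standing in for m.n.o.k) and `10.0.0.5` (standing in for p.q.r.t) are constructed placeholders; the explicit `CT --helper` rule and the FORWARD rule are assumptions about the kernel settings and filter policy on ABCD.

```shell
#!/bin/sh
# Added example: SNAT keyed on the output interface, plus FTP helper setup.
# All names and addresses below are constructed placeholders.
WAN_IF="${WAN_IF:-eth2}"          # ABCD interface facing INTERNET (assumed name)
WAN_IP="${WAN_IP:-192.0.2.10}"    # stands in for m.n.o.k
BOX_IP="${BOX_IP:-10.0.0.5}"      # stands in for linuxbox, p.q.r.t

# Emit the commands one per line so they can be reviewed before being applied.
ftp_snat_commands() {
    # Helpers named in the reply: the first tracks the FTP control channel and
    # creates expectations for data connections, the second rewrites the
    # addresses carried in PORT/PASV so they match the NATed address.
    echo "modprobe nf_conntrack_ftp"
    echo "modprobe nf_nat_ftp"
    # Assumption: automatic helper assignment is off
    # (net.netfilter.nf_conntrack_helper=0, the default since Linux 4.7),
    # so the helper is attached explicitly to control connections.
    echo "iptables -t raw -A PREROUTING -s $BOX_IP -p tcp --dport 21 -j CT --helper ftp"
    # Needed only if the FORWARD policy drops by default: the data connection
    # predicted by the helper arrives in state RELATED.
    echo "iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # The single NAT rule. It matches on the output interface, so FTP sessions
    # to INTERNAL leave through another interface and are never translated;
    # no per-destination or FTP-specific NAT rule is required.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $BOX_IP -j SNAT --to-source $WAN_IP"
}

# Dry run by default; APPLY=1 (as root on ABCD) executes each command in order.
apply_or_print() {
    ftp_snat_commands | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || exit 1
        else
            echo "$cmd"
        fi
    done
}

apply_or_print
```

After applying, `iptables -t nat -L POSTROUTING -v -n` shows whether the SNAT rule's packet counter increases only for sessions that leave through the INTERNET interface.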