Shirley Ong wrote:
Hi,

I'm trying to map a range of private IP addresses to a range of public IP addresses. For this, I'm using SNAT:

# iptables -t nat -A POSTROUTING -s <private range> -d ! <private range> -j SNAT --to-source <public range>

The public range is higher than private range. I can see from conntrack that the last 2 octets of original and natted IP addresses are always the same. Can I be sure that the mapping is always correct without parsing conntrack from time to time because it's heavy processing? Or is there any other way that I can make sure the mapping is always correct?

It seems to me that using the NETMAP target will be more interesting to you than using SNAT. AFAIK, SNAT does not guarantee you that.

--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
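
Added example, not part of the original thread: NETMAP keeps the host bits of the original address and replaces only the network bits with those of the `--to` network, so the translated address can be computed rather than read back from conntrack. The function names, the 10.20.0.0/16 and 198.18.0.0/16 ranges and the sample pairs are constructed for illustration.

```python
import ipaddress

# Constructed ranges standing in for <private range> and <public range>.
# The matching rule would have the form:
#   iptables -t nat -A POSTROUTING -s <private net> -j NETMAP --to <public net>
PRIVATE = "10.20.0.0/16"
PUBLIC = "198.18.0.0/16"


def netmap_translate(addr, src_net, dst_net):
    """Return the address NETMAP would produce: dst network bits + original host bits."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(dst_net)
    ip = ipaddress.IPv4Address(addr)
    if src.prefixlen != dst.prefixlen:
        # A 1:1 mapping needs both networks to have the same number of hosts.
        raise ValueError("private and public networks must have the same prefix length")
    if ip not in src:
        raise ValueError(f"{ip} is outside {src}")
    host_bits = int(ip) & int(dst.hostmask)
    return ipaddress.IPv4Address(int(dst.network_address) | host_bits)


def audit(pairs, src_net, dst_net):
    """Return the (original, translated) pairs that deviate from the 1:1 mapping."""
    return [
        (orig, seen)
        for orig, seen in pairs
        if str(netmap_translate(orig, src_net, dst_net)) != seen
    ]


# Constructed (original source, translated source) pairs, as one might extract
# from connection-tracking records during a one-off spot check.
SAMPLE = [
    ("10.20.3.7", "198.18.3.7"),
    ("10.20.255.254", "198.18.255.254"),
    ("10.20.3.8", "198.18.9.1"),  # what a non-deterministic range SNAT could yield
]

if __name__ == "__main__":
    for orig, seen in audit(SAMPLE, PRIVATE, PUBLIC):
        print(f"mismatch: {orig} was translated to {seen}")
```
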