On Thursday 29 December 2011 04:24 PM, Vigneswaran R wrote:
On Thursday 29 December 2011 03:12 PM, Andrew Stone wrote:
I now have:
ip address add a.b.c.240/29 dev ppp0 broadcast a.b.c.247
iptables -t nat -I PREROUTING -d a.b.c.241 -j DNAT --to-destination 192.168.1.69
iptables -t nat -I POSTROUTING -s 192.168.1.69 -j SNAT --to-source a.b.c.241
iptables -t nat -A PREROUTING -d a.b.c.242 -j DNAT --to-destination 192.168.1.100-192.168.1.150
iptables -t nat -A POSTROUTING -s 192.168.1.100-192.168.1.150 -j SNAT --to-source a.b.c.242
The .69 machine correctly has .241 ... however the machines located in
the range do not have .242 ?
Is this the correct way to specify a nat range with iptables?
From 'man iptables',
"""
In Kernels up to 2.6.10 you can add several --to-destination options.
For those kernels, if you specify more than one destination address,
either via an address range or multiple --to-destination options, a
simple round-robin (one after another in cycle) load balancing takes
place between these addresses. Later Kernels (>= 2.6.11-rc1) don't
have the ability to NAT to multiple ranges anymore.
"""
And it seems, to specify a source address range, we need to use
address/mask or a comma (not '-') separated list of such combinations.
Syntax:
-s, --source address[/mask][,...]
Regards,
Vignesh
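
Added example (not part of the original thread): a short Python helper that turns the 192.168.1.100-192.168.1.150 range from the question into the address/mask list that -s accepts, and also builds the equivalent single rule with the iprange match extension (-m iprange --src-range). The function names are hypothetical, and 203.0.113.242 is a constructed placeholder for the elided a.b.c.242 address.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Cover the inclusive range first..last with the fewest CIDR blocks."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is above range end {hi}")
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def snat_with_source_list(first, last, public_ip):
    """SNAT rule using -s with a comma-separated address/mask list."""
    sources = ",".join(range_to_cidrs(first, last))
    return ["iptables", "-t", "nat", "-A", "POSTROUTING",
            "-s", sources, "-j", "SNAT", "--to-source", public_ip]


def snat_with_iprange(first, last, public_ip):
    """Same policy as one rule, using the iprange match extension."""
    range_to_cidrs(first, last)  # validates both addresses and their order
    return ["iptables", "-t", "nat", "-A", "POSTROUTING",
            "-m", "iprange", "--src-range", f"{first}-{last}",
            "-j", "SNAT", "--to-source", public_ip]


if __name__ == "__main__":
    PUBLIC_IP = "203.0.113.242"  # constructed placeholder for a.b.c.242
    for build in (snat_with_source_list, snat_with_iprange):
        print(" ".join(build("192.168.1.100", "192.168.1.150", PUBLIC_IP)))
```

iptables expands a comma-separated -s list into one rule per entry, so the first form installs seven POSTROUTING rules while the iprange form installs one.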