On 5 January 2012 09:59, Rob Sterenborg (lists) <lists@xxxxxxxxxxxxxxx> wrote:
> On Sun, 2012-01-01 at 17:10 +0100, Anton Melser wrote:
>> I thought that the best way to go would be to set up NAT using blocks
>> in the 10.0.0.0 range. So say for each external IP I would have a /24,
>> giving me up to 250-odd potential internal machines. So 10.1.1.1,
>> 10.1.1.2, 10.1.1.3, etc. would map to 1.1.1.1; 10.1.2.1, 10.1.2.2,
>> 10.1.2.3, etc. would map to 1.1.1.2, etc.
>> I have been reading as many sites as I can but I can't work out the
>> best way to go forward.
>
> So, I think I understand that you want to SNAT a complete private subnet
> to a corresponding public subnet. Is the NETMAP target usable for you,
> or am I misunderstanding you completely?
> Something like:
>
> iptables -t nat -A POSTROUTING -s ${private_subnet} -j NETMAP --to
> ${public_subnet}
Thanks for the suggestion. It appears that NETMAP does 1:1 and both
SNAT and DNAT. I need to do many:1 lots of times (so (many:1)*n), and
I don't need (or want actually) DNAT. Is it possible to use NETMAP to
do this?
Thanks.
Anton
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
