On Friday, December 12, 2014 06:55:21 PM John Miller wrote:
> Hi folks,
>
> We're running a server that scans local systems for installed SSL
> certificates. Problem is, the tool truly means local -- RFC1918 private
> ranges only, please. Being a university, we have quite a few things
> located in public IP space that aren't necessarily world-accessible
> (development servers and the like).
>
> My solution thus far has been to use DNAT to trick our scanning program
> into thinking it's using local addresses.
>
> iptables -t nat -A OUTPUT -d 172.16.x.y -j DNAT \
>     --to-destination 129.64.x.y

This might point you in the right direction:

iptables -t nat -A PREROUTING -s 172.16.0.0/16 \
    -j DNAT --to-destination 129.64.0.0-129.64.255.255

But I don't know if it provides predictable 1:1 mapping.
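A predictable 1:1 mapping between two equal-sized prefixes is what the iptables NETMAP target is for: it replaces the network bits and keeps the host bits. The script below is an added example, not part of either message in this thread; it models that arithmetic and prints (without running) a matching rule. The /16 prefixes come from the thread, the host addresses are constructed, the function names are hypothetical, and it assumes a kernel whose NETMAP target is accepted in the nat OUTPUT chain.

```bash
#!/bin/sh
# Added example (not from the thread). Models the 1:1 prefix mapping that the
# iptables NETMAP target applies: network bits are replaced, host bits kept.
# Prefixes are taken from the thread; host addresses are constructed samples.

ip2int() {            # dotted quad -> 32-bit integer
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {            # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# netmap_addr ADDR TARGET_NET PREFIXLEN
# new = (ADDR & ~mask) | (TARGET_NET & mask)
netmap_addr() {
    local addr net mask
    addr=$(ip2int "$1")
    net=$(ip2int "$2")
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    int2ip $(( (addr & ~mask & 0xFFFFFFFF) | (net & mask) ))
}

# netmap_rule ALIAS_CIDR REAL_CIDR
# Prints the OUTPUT-chain rule for locally generated traffic (the scanner runs
# on this host). Refuses prefixes of different length: not a 1:1 mapping.
netmap_rule() {
    local alias_len=${1#*/} real_len=${2#*/}
    if [ "$alias_len" != "$real_len" ]; then
        echo "prefix lengths differ: mapping would not be 1:1" >&2
        return 1
    fi
    echo "iptables -t nat -A OUTPUT -d $1 -j NETMAP --to $2"
}

# Show the rule and where a few alias addresses would land.
netmap_rule 172.16.0.0/16 129.64.0.0/16
for host in 172.16.0.1 172.16.5.9 172.16.255.254; do
    echo "$host -> $(netmap_addr "$host" 129.64.0.0 16)"
done
```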