On Sat, Dec 13, 2014 at 4:30 PM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
> John Miller wrote:
>>
>> iptables -t mangle -A OUTPUT -d 172.16.0.0/16 -j NETMAP --to 129.64.0.0/16
>
> The NETMAP target is valid only in the nat table.

Just had a look at the iptables-extensions(8) manpage. You're definitely correct:

   NETMAP
       This target allows you to statically map a whole network of
       addresses onto another network of addresses. It can only be
       used from rules in the nat table.

Looks like the Frozentux tutorial
(https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#NETMAPTARGET)
made a typo in its example. The nat table definitely makes more sense;
the mangle table wouldn't keep track of TCP streams, which is the whole
point.

I thank you for your correction and help: because of it, I've learned
more about iptables than I had in quite a while.

John