From: Ray Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: Exempt one IP from DNAT for the whole network
Date: Wed, 21 Jan 2004 13:33:02 +0200
Message-ID: <1074684782.28849.25.camel@raylinux.internal>
In-Reply-To: <747032.1074683300483.JavaMail.root@newdil25>
On Wed, 2004-01-21 at 13:08, alok.shukla@soft.dil.in wrote:
> Hi everybody,
> I have a unique problem.
>
> I have created a rule in the prerouting chain in the nat table to DNAT
> every packet coming from 10.11.12.0/24 network to the webserver
> running on the local machine.
>
> Now I want one of the IPs from this pool to be exempted from this rule.
> I had put a rule in the mangle table so as to RETURN from prerouting
> chain.

You need to put the rule in the same chain, just above your other rule.

iptables -t nat -A PREROUTING -i eth0 -p tcp -s 10.11.12.1 -j RETURN
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 10.11.12.0/24 -j DNAT --to 1.2.3.4

This works for me ...

>
> I think that this RETURN is not working. I would like to know the
> other ways I can make a machine exempted from the DNAT that is
> occurring.
>
> Kindly suggest
>
> Alok Shukla
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
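
Added example, not part of Ray Leach's message or of netfilter itself: a small Python model of PREROUTING traversal showing why a RETURN in the mangle table does not exempt 10.11.12.1, why a RETURN placed above the DNAT rule in the nat table does, and why the same RETURN placed below the DNAT rule has no effect. The function and ruleset names are hypothetical, and the model assumes source-address matching only (it ignores -i eth0, -p tcp and connection tracking).

```python
import ipaddress

# At the PREROUTING hook, the mangle table is traversed before the nat table.
TABLE_ORDER = ("mangle", "nat")

def traverse_prerouting(ruleset, src):
    """Walk each table's PREROUTING chain for a packet from `src`.

    ruleset: {table: [(source_cidr, target, to_addr_or_None), ...]}
    Returns the DNAT destination applied, or None if the packet is untouched.
    """
    addr = ipaddress.ip_address(src)
    dnat_to = None
    for table in TABLE_ORDER:
        for cidr, target, to_addr in ruleset.get(table, []):
            if addr not in ipaddress.ip_network(cidr):
                continue  # rule does not match, try the next one
            if target == "RETURN":
                # RETURN in a built-in chain ends that chain only (the chain
                # policy applies); the next table is still traversed.
                break
            if target == "DNAT":
                dnat_to = to_addr
                break  # first matching NAT rule decides
    return dnat_to

# Constructed rulesets using the addresses from the thread.
DNAT_RULE = ("10.11.12.0/24", "DNAT", "1.2.3.4")
EXEMPT = ("10.11.12.1/32", "RETURN", None)

RETURN_IN_MANGLE = {"mangle": [EXEMPT], "nat": [DNAT_RULE]}   # original attempt
RETURN_ABOVE_DNAT = {"nat": [EXEMPT, DNAT_RULE]}              # suggested fix
RETURN_BELOW_DNAT = {"nat": [DNAT_RULE, EXEMPT]}              # wrong order

def exemption_works(ruleset, exempt_src="10.11.12.1", other_src="10.11.12.7"):
    """True if exempt_src escapes DNAT while another pool host is still DNATed."""
    return (traverse_prerouting(ruleset, exempt_src) is None
            and traverse_prerouting(ruleset, other_src) == "1.2.3.4")

if __name__ == "__main__":
    for name in ("RETURN_IN_MANGLE", "RETURN_ABOVE_DNAT", "RETURN_BELOW_DNAT"):
        print(f"{name}: exemption works = {exemption_works(globals()[name])}")
```

On a live host, `iptables -t nat -L PREROUTING -n --line-numbers` shows the actual rule order to compare against.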