* Iptables rule for multiple Ip addresses.
@ 2004-06-15 5:35 ads nat
2004-06-15 6:13 ` Cedric Blancher
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: ads nat @ 2004-06-15 5:35 UTC (permalink / raw)
To: netfilter
Hi,
I am using Redhat Linux 9.0 with iptables
v1.2.7a.
I am trying to apply this rule for diverting traffic.
"eth1" is LAN interface for subnet 192.168.0.0/24
##########
[root@xxx root]# iptables -t nat -A PREROUTING -s 192.168.0.2-192.168.0.10 -i eth0 -p tcp -j DNAT --to 10.0.0.2:80
iptables v1.2.7a: host/network `192.168.0.2-192.168.0.10' not found
Try `iptables -h' or 'iptables --help' for more information.
##########
It seems it does not accept multiple source addresses.
Is there any other way to achieve this?
Thanks for support.
* Re: Iptables rule for multiple Ip addresses.
From: Cedric Blancher @ 2004-06-15 6:13 UTC (permalink / raw)
To: ads nat; +Cc: netfilter
On Tue 15/06/2004 at 07:35, ads nat wrote:
> I am trying to apply this rule for diverting traffic.
> "eth1" is LAN interface for subnet 192.168.0.0/24
> ##########
> [root@xxx root]# iptables -t nat -A PREROUTING -s
> 192.168.0.2-192.168.0.10 -i eth0 -p tcp -j DNAT --to
> 10.0.0.2:80
> iptables v1.2.7a: host/network
> `192.168.0.2-192.168.0.10' not found
> Try `iptables -h' or 'iptables --help' for more
> information.
> ##########
> It seems it does not accept multiple source addresses.
It does not.
Iptables only accepts a single address or network as source and/or
destination.
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
* Re: Iptables rule for multiple Ip addresses.
From: Patrick Leslie Polzer @ 2004-06-15 7:35 UTC (permalink / raw)
To: netfilter
On Mon, 14 Jun 2004 22:35:49 -0700 (PDT)
ads nat <adsnat@yahoo.com> wrote:
> It seems it does not accept multiple source addresses.
Yes.
> Is there any other way to achieve this?
Yes, with the iprange module:
http://www.netfilter.org/patch-o-matic/pom-base.html#pom-base-iprange
> Thanks for support.
You're welcome.
Leslie
* Re: Iptables rule for multiple Ip addresses.
From: John A. Sullivan III @ 2004-06-15 11:00 UTC (permalink / raw)
To: ads nat; +Cc: netfilter
On Tue, 2004-06-15 at 01:35, ads nat wrote:
> Hi,
> I am using Redhat Linux 9.0 with iptables
> v1.2.7a.
> I am trying to apply this rule for diverting traffic.
> "eth1" is LAN interface for subnet 192.168.0.0/24
> ##########
> [root@xxx root]# iptables -t nat -A PREROUTING -s
> 192.168.0.2-192.168.0.10 -i eth0 -p tcp -j DNAT --to
> 10.0.0.2:80
> iptables v1.2.7a: host/network
> `192.168.0.2-192.168.0.10' not found
> Try `iptables -h' or 'iptables --help' for more
> information.
> ##########
>
> It seems it does not accept multiple source addresses.
> Is there any other way to achieve this?
> Thanks for support.
<snip>
You can either apply the iprange patch from patch-o-matic or, if you do
not want to or cannot patch, break it into several rules using subnets.
I've used SubnetCreator (http://subnetcreator.sourceforge.net) to help
calculate subnets from ranges, e.g.,
192.168.0.2/31
192.168.0.4/30
192.168.0.8/31
192.168.0.10/32
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
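
The subnet split suggested in the last reply, as an added example that is not part of the original thread: it breaks an inclusive address range into exact CIDR blocks, emits one DNAT rule per block, and shows how many extra hosts a single covering subnet would match instead. The function names are hypothetical; the interface and DNAT target are taken from the rule in the first post.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split the inclusive range first..last into the fewest exact CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # A block of 2**bits addresses must start on a multiple of 2**bits,
        # so the trailing zero bits of lo bound its size ...
        align = (lo & -lo).bit_length() - 1 if lo else 32
        # ... and it must not run past hi.
        fit = (hi - lo + 1).bit_length() - 1
        bits = min(align, fit)
        blocks.append(ipaddress.IPv4Network((lo, 32 - bits)))
        lo += 1 << bits
    return blocks

def overmatch(network, first, last):
    """Addresses a single covering subnet matches outside the intended range."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    return [a for a in ipaddress.IPv4Network(network) if not lo <= a <= hi]

def covers_exactly(blocks, first, last):
    """True if the blocks match every address in the range and nothing else."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    return sorted(int(a) for net in blocks for a in net) == list(range(lo, hi + 1))

def dnat_rules(first, last, iface="eth0", target="10.0.0.2:80"):
    """One rule per block, otherwise identical to the rule in the first post."""
    return [
        f"iptables -t nat -A PREROUTING -s {net} -i {iface} -p tcp "
        f"-j DNAT --to {target}"
        for net in range_to_cidrs(first, last)
    ]

if __name__ == "__main__":
    first, last = "192.168.0.2", "192.168.0.10"
    for rule in dnat_rules(first, last):
        print(rule)
    print("exact cover:", covers_exactly(range_to_cidrs(first, last), first, last))
    # 192.168.0.0/28 is the smallest single subnet containing the whole range.
    print("extra hosts matched by /28:", len(overmatch("192.168.0.0/28", first, last)))
```

For this range the split reproduces the four subnets listed in the reply, while rounding up to one /28 would also redirect traffic from seven addresses outside the intended range.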