From: Srinivasa Hebbar <sshebbar@yahoo.com>
To: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: NAT & FORWARDING
Date: Fri, 30 Jan 2004 10:20:53 +0530
Message-ID: <200401301020.53669.sshebbar@yahoo.com>
In-Reply-To: <1075422511.1868.18.camel@jasiiitosh.nexusmgmt.com>

Dear John,

Your solution works fine for me.

Actually, I want to know how I can build a NAT rule
which will have an "and" condition.

My box has at least 50 interfaces and I want to do NAT on
all interfaces except "eth0" and "xpeth0".

So I want something like,

iptables -t nat -A PREROUTING -i ! (eth0 && xpeth0) -p tcp --dport 3021 -j ACCEPT

But iptables doesn't take the above syntax.

Could you give me some hint on how to solve the above problem?

One solution is to add the rule for all other 48 interfaces
to accept the connection on port 3021. I can't use wildcards because each
interface name is different.

Regards,
S. Hebbar.

> On Thu, 2004-01-29 at 09:23, Srinivasa Hebbar wrote:
> > Hello,
> >
> > I believe that the NAT PREROUTING and POSTROUTING will
> > always take place for all the incoming/outgoing packets
> > irrespective of whether the packet is destined to the node or not.
> >
> > I have a situation that if the dest. IP address of the packet is
> > for the local node, then apply NAT rule, otherwise it should simply
> > forward the packet according to the routing table.
> >
> > How can I achieve the above?
> >
> > Any help is very much appreciated.
> >
> > Regards,
> > S. Hebbar.
>
> Could you give a little more information, please. That would help us
> understand why you would want to NAT a packet destined for the local
> node itself and why one would not simply NAT only if the destination
> address matched the local node. Thanks - John
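
Added example (not part of the original message or of any reply in the thread): iptables negates only a single -i match, so "every interface except eth0 and xpeth0" can be written as RETURN rules in a user-defined chain that PREROUTING jumps to. The function name gen_except_rules and the chain name NAT3021 are hypothetical, the ACCEPT target is copied from the rule in the message, and the name validation is a deliberately strict choice of this example.

```shell
#!/bin/sh
# Added example: print the iptables commands that apply a nat PREROUTING
# action on every interface except the listed ones. The commands are only
# printed, so they can be reviewed before being run as root.

# usage: gen_except_rules CHAIN DPORT IFACE...   (names are hypothetical)
gen_except_rules() {
    chain=$1; dport=$2; shift 2

    # Reject anything that could smuggle shell syntax into the emitted rules.
    case $chain in ''|*[!A-Za-z0-9_-]*) echo "bad chain name" >&2; return 1;; esac
    case $dport in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    [ "$dport" -ge 1 ] && [ "$dport" -le 65535 ] || { echo "bad port" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no interfaces to exclude" >&2; return 1; }

    # Validate every interface before printing anything, so a bad name
    # never yields a half-written ruleset. Linux names are at most 15 chars.
    for ifc in "$@"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifc" >&2; return 1;;
        esac
        [ "${#ifc}" -le 15 ] || { echo "name too long: $ifc" >&2; return 1; }
    done

    echo "iptables -t nat -N $chain"
    # Each excluded interface returns to PREROUTING untouched ...
    for ifc in "$@"; do
        echo "iptables -t nat -A $chain -i $ifc -j RETURN"
    done
    # ... and everything that is left gets the action from the message.
    echo "iptables -t nat -A $chain -j ACCEPT"
    # Hook the chain in last, so packets never traverse a partly filled chain.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $dport -j $chain"
}

# The case from the message: port 3021, all interfaces but eth0 and xpeth0.
gen_except_rules NAT3021 3021 eth0 xpeth0
```
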