Linux Netfilter discussions
* Iptables rule for multiple Ip addresses.
@ 2004-06-15  5:35 ads nat
  2004-06-15  6:13 ` Cedric Blancher
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: ads nat @ 2004-06-15  5:35 UTC (permalink / raw)
  To: netfilter

Hi,
I am using Redhat Linux 9.0 with iptables v1.2.7a.
I am trying to apply this rule for diverting traffic.
"eth1" is the LAN interface for subnet 192.168.0.0/24
##########
[root@xxx root]# iptables -t nat -A PREROUTING -s 192.168.0.2-192.168.0.10 -i eth0 -p tcp -j DNAT --to 10.0.0.2:80
iptables v1.2.7a: host/network `192.168.0.2-192.168.0.10' not found
Try `iptables -h' or 'iptables --help' for more information.
##########

It seems it does not accept multiple source addresses.
Is there any other way to achieve this?
Thanks for support.




	
		

* Re: Iptables rule for multiple Ip addresses.
  2004-06-15  5:35 Iptables rule for multiple Ip addresses ads nat
@ 2004-06-15  6:13 ` Cedric Blancher
  2004-06-15  7:35 ` Patrick Leslie Polzer
  2004-06-15 11:00 ` John A. Sullivan III
  2 siblings, 0 replies; 4+ messages in thread
From: Cedric Blancher @ 2004-06-15  6:13 UTC (permalink / raw)
  To: ads nat; +Cc: netfilter

On Tue 15/06/2004 at 07:35, ads nat wrote:
> I am trying to apply this rule for diverting traffic.
> "eth1" is LAN interface for subnet 192.168.0.0/24
> ##########
> [root@xxx root]# iptables -t nat -A PREROUTING -s
> 192.168.0.2-192.168.0.10 -i eth0 -p tcp -j DNAT --to
> 10.0.0.2:80
> iptables v1.2.7a: host/network
> `192.168.0.2-192.168.0.10' not found
> Try `iptables -h' or 'iptables --help' for more
> information.
> ##########
> It seems it does not accept multiple source addresses.

It does not.
Iptables only accepts a single address or network as source and/or
destination.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!



* Re: Iptables rule for multiple Ip addresses.
  2004-06-15  5:35 Iptables rule for multiple Ip addresses ads nat
  2004-06-15  6:13 ` Cedric Blancher
@ 2004-06-15  7:35 ` Patrick Leslie Polzer
  2004-06-15 11:00 ` John A. Sullivan III
  2 siblings, 0 replies; 4+ messages in thread
From: Patrick Leslie Polzer @ 2004-06-15  7:35 UTC (permalink / raw)
  To: netfilter

On Mon, 14 Jun 2004 22:35:49 -0700 (PDT)
ads nat <adsnat@yahoo.com> wrote:

> It seems it does not accept multiple source addresses.
Yes.

> Is there any other way to achieve this?
Yes, with the iprange module:

http://www.netfilter.org/patch-o-matic/pom-base.html#pom-base-iprange

> Thanks for support.
You're welcome.

Leslie



* Re: Iptables rule for multiple Ip addresses.
  2004-06-15  5:35 Iptables rule for multiple Ip addresses ads nat
  2004-06-15  6:13 ` Cedric Blancher
  2004-06-15  7:35 ` Patrick Leslie Polzer
@ 2004-06-15 11:00 ` John A. Sullivan III
  2 siblings, 0 replies; 4+ messages in thread
From: John A. Sullivan III @ 2004-06-15 11:00 UTC (permalink / raw)
  To: ads nat; +Cc: netfilter

On Tue, 2004-06-15 at 01:35, ads nat wrote:
> Hi,
> I am using Redhat Linux 9.0 with Iptables iptables
> v1.2.7a.
> I am trying to apply this rule for diverting traffic.
> "eth1" is LAN interface for subnet 192.168.0.0/24
> ##########
> [root@xxx root]# iptables -t nat -A PREROUTING -s
> 192.168.0.2-192.168.0.10 -i eth0 -p tcp -j DNAT --to
> 10.0.0.2:80
> iptables v1.2.7a: host/network
> `192.168.0.2-192.168.0.10' not found
> Try `iptables -h' or 'iptables --help' for more
> information.
> ##########
> 
> It seems it does not accept multiple source addresses.
> Is there any other way to achieve this?
> Thanks for support.
<snip>
You can either apply the iprange patch from patch-o-matic or, if you do
not want to or cannot patch, break it into several rules using subnets. 
I've used SubnetCreator (http://subnetcreator.sourceforge.net) to help
calculate subnets from ranges, e.g., 
192.168.0.2/31
192.168.0.4/30
192.168.0.8/31
192.168.0.10/32
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 
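
The two options from the replies above, as an added example that is not part of the original thread or any poster's code: it splits an inclusive range into exactly-covering subnets and prints one DNAT rule per subnet, plus the single-rule `iprange` form. The function names are hypothetical; the interface and `--to` target are copied from the rule in the question, and the script only prints rules, it does not apply them.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split an inclusive IPv4 range into the fewest aligned CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # A block starting at lo can be no larger than lo's alignment
        # (its lowest set bit) and no larger than what is left of the range.
        align = lo & -lo if lo else 1 << 32
        remaining = hi - lo + 1
        size = min(align, 1 << (remaining.bit_length() - 1))
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(f"{ipaddress.IPv4Address(lo)}/{prefix}")
        lo += size
    return blocks

def covered_hosts(blocks):
    """Every address matched by the blocks, to confirm nothing extra is caught."""
    return [str(a) for b in blocks for a in ipaddress.ip_network(b)]

def subnet_rules(first, last, iface="eth0", to="10.0.0.2:80"):
    """One DNAT rule per block, same shape as the rule in the question."""
    return [f"iptables -t nat -A PREROUTING -s {b} -i {iface} -p tcp -j DNAT --to {to}"
            for b in range_to_cidrs(first, last)]

def iprange_rule(first, last, iface="eth0", to="10.0.0.2:80"):
    """Single rule; only loads if the iprange match is in the kernel and iptables."""
    return (f"iptables -t nat -A PREROUTING -m iprange --src-range {first}-{last} "
            f"-i {iface} -p tcp -j DNAT --to {to}")

if __name__ == "__main__":
    for rule in subnet_rules("192.168.0.2", "192.168.0.10"):
        print(rule)
    print(iprange_rule("192.168.0.2", "192.168.0.10"))
```

Checking `covered_hosts` against the intended range catches a decomposition that is rounded up to a wider prefix and would redirect hosts outside 192.168.0.2-192.168.0.10.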


