From: "John A. Sullivan III"
Subject: Re: NATTING for a whole network.
Date: Fri, 10 Dec 2004 14:02:01 -0500
Message-ID: <1102705228.3295.15.camel@localhost>
In-Reply-To: <4D7EBAB4CCB6DB4AB7EE598E9ED186950474D69B@asusfl45cex08.us-fl.cards.citicorp.com>
To: "Irvin, Michael Thad"
Cc: "'netfilter@lists.netfilter.org'"

On Thu, 2004-12-09 at 12:22, Irvin, Michael Thad wrote:
> I'm kinda new at this iptables thing. I've been running into a problem with
> trying to NAT for a class C subnetted class A network...i.e. 10.168.1.0/24.
> The syntax I've been using is as follows -- $ipt -t nat -A POSTROUTING -o
> $outside -j SNAT -to-source $lan, with the variable $lan = "10.168.1.0/24".
> Every time I've run the script I get the following error: Bad IP Address.
> Can anyone please help me with the proper syntax to make
> this work? I've tried various options such as the one above, also including
> the whole subnetmask and playing around with different delimitation
> options, nothing seems to work.

I generally use the NETMAP patch from patch-o-matic for this. SNAT/DNAT
does not necessarily create a straight mapping of addresses, as far as I
know, whereas NETMAP does. In fact, we use it all the time in the ISCS
network security project (http://iscs.sourceforge.net) to resolve
conflicting IP address space problems. Hope this helps - John

--
John A. Sullivan III
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevel.com
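
The difference John describes, as an added example that is not part of the original thread and is not netfilter or ISCS code: SNAT's --to-source takes ipaddr[-ipaddr][:port[-port]] rather than a CIDR block, while NETMAP's --to takes a network and keeps each packet's host bits. The inside network 192.168.1.0/24 and the function names are assumptions made for illustration.

```python
import ipaddress


def parse_snat_to_source(spec):
    """Parse the address part of an SNAT --to-source value.

    Accepted form: ipaddr[-ipaddr][:port[-port]]. A CIDR block is rejected,
    which is why passing 10.168.1.0/24 as the value fails.
    Returns the (first, last) addresses of the pool.
    """
    addr_part = spec.split(":", 1)[0]          # drop the optional port range
    if "/" in addr_part:
        raise ValueError(f"{spec!r}: CIDR not accepted, use ipaddr or ipaddr-ipaddr")
    first, _, last = addr_part.partition("-")
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last) if last else lo
    if hi < lo:
        raise ValueError(f"{spec!r}: range end is below range start")
    return lo, hi


def netmap(addr, to_net):
    """Model NETMAP's static 1:1 mapping: network bits come from to_net,
    host bits are copied unchanged from the original address."""
    net = ipaddress.IPv4Network(to_net)
    ip = ipaddress.IPv4Address(addr)
    host_bits = int(ip) & int(net.hostmask)
    return str(ipaddress.IPv4Address(int(net.network_address) | host_bits))


if __name__ == "__main__":
    # The value from the question is not a valid SNAT pool specification.
    try:
        parse_snat_to_source("10.168.1.0/24")
    except ValueError as exc:
        print("SNAT:", exc)

    # A range is valid, but which pool address a connection receives is
    # chosen by the NAT code, so it is not a fixed host-to-host mapping.
    print("SNAT pool:", parse_snat_to_source("10.168.1.1-10.168.1.254"))

    # NETMAP equivalent (constructed inside network 192.168.1.0/24):
    #   iptables -t nat -A POSTROUTING -o $outside -s 192.168.1.0/24 \
    #            -j NETMAP --to 10.168.1.0/24
    for host in ("192.168.1.1", "192.168.1.37", "192.168.1.254"):
        print(host, "->", netmap(host, "10.168.1.0/24"))
```
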