From: Vigneswaran R <vignesh@atc.tcs.com>
To: Andrew Stone <andrew@stonie.net>
Cc: netfilter@vger.kernel.org
Subject: Re: NAT WAN IP to internal range?
Date: Thu, 29 Dec 2011 16:37:31 +0530 [thread overview]
Message-ID: <4EFC49F3.2040009@atc.tcs.com> (raw)
In-Reply-To: <4EFC46CE.8010202@atc.tcs.com>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="windows-1252"; format="flowed", Size: 1450 bytes --]
On Thursday 29 December 2011 04:24 PM, Vigneswaran R wrote:
> On Thursday 29 December 2011 03:12 PM, Andrew Stone wrote:
>> I now have:
>>
>> ip address add a.b.c.240/29 dev ppp0 broadcast a.b.c.247
>>
>> iptables -t nat -I PREROUTING -d a.b.c.241 -j DNAT --to-destination
>> 192.168.1.69
>> iptables -t nat -I POSTROUTING -s 192.168.1.69 -j SNAT --to-source
>> a.b.c.241
>>
>> iptables -t nat -A PREROUTING -d a.b.c.242 -j DNAT --to-destination
>> 192.168.1.100-192.168.1.150
>> iptables -t nat -A POSTROUTING -s 192.168.1.100-192.168.1.150 -j SNAT
>> --to-source a.b.c.242
>>
>>
>> The .69 machine correctly has .241 ... however the machines located in
>> the range do not have .242 ?
>>
>> Is this is correct way to specify a nat range with iptables?
>
> From 'man iptables',
>
> """
> In Kernels up to 2.6.10 you can add several --to-destination options.
> For those kernels, if you specify more than one des‐
> tination address, either via an address range or multiple
> --to-destination options, a simple round-robin (one after another
> in cycle) load balancing takes place between these addresses. Later
> Kernels (>= 2.6.11-rc1) don't have the ability to NAT
> to multiple ranges anymore.
> """
And it seems, to specify a source address range, we need to use
address/mask or a comma (not '-') separated list of such combination.
Syntax:
-s, --source address[/mask][,...]
Regards,
Vignesh
next prev parent reply other threads:[~2011-12-29 11:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-19 3:20 NAT WAN IP to internal range? Andrew Stone
2011-12-21 9:07 ` Andrew Beverley
2011-12-29 9:42 ` Andrew Stone
2011-12-29 10:54 ` Vigneswaran R
2011-12-29 11:07 ` Vigneswaran R [this message]
2011-12-29 11:10 ` Andrew Stone
2011-12-29 11:35 ` Vigneswaran R
2011-12-29 13:38 ` Andrew Stone
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EFC49F3.2040009@atc.tcs.com \
--to=vignesh@atc.tcs.com \
--cc=andrew@stonie.net \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox