
help with DNAT/SNAT



This day just won't end.. Can someone point me in the right direction
here.. I think I need a combo nat / rdr to accomplish this. Essentially
anything that comes in for 10.10.10.15{2,3,8,or 9} that has a dst port range
of 5400 to 5500 should go to 10.10.10.155 same port. If a packet leaves
from one of those addresses with a src port 5400-5500 it should translate to
10.10.10.155 same port. Seems easy enough. In IPTABLES I do this:
iptables -t nat -A PREROUTING -d 10.10.10.152 -p tcp -m tcp --dport 5400:5500 -j DNAT --to-destination 10.10.10.155
iptables -t nat -A PREROUTING -d 10.10.10.153 -p tcp -m tcp --dport 5400:5500 -j DNAT --to-destination 10.10.10.155
iptables -t nat -A PREROUTING -d 10.10.10.158 -p tcp -m tcp --dport 5400:5500 -j DNAT --to-destination 10.10.10.155
iptables -t nat -A PREROUTING -d 10.10.10.159 -p tcp -m tcp --dport 5400:5500 -j DNAT --to-destination 10.10.10.155
iptables -t nat -A POSTROUTING -d 10.10.10.152 -p tcp -m tcp --dport 5400:5500 -j SNAT --to-source 10.10.10.155
iptables -t nat -A POSTROUTING -d 10.10.10.153 -p tcp -m tcp --dport 5400:5500 -j SNAT --to-source 10.10.10.155
iptables -t nat -A POSTROUTING -d 10.10.10.158 -p tcp -m tcp --dport 5400:5500 -j SNAT --to-source 10.10.10.155
iptables -t nat -A POSTROUTING -d 10.10.10.159 -p tcp -m tcp --dport 5400:5500 -j SNAT --to-source 10.10.10.155
How would this look in pf?
-scotty
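
The behaviour described in the post's prose (inbound redirect by destination, outbound rewrite by source address and source port), sketched as a pf.conf fragment. This is an added example, not part of the original message or any reply to it. It assumes the OpenBSD 4.7-and-later rule syntax (match ... rdr-to / nat-to) and a hypothetical interface name, em0; the macro names are also made up here.

```pf
# Added example. Assumptions: OpenBSD 4.7+ pf syntax; "em0" is a
# hypothetical interface name; macro names are illustrative only.
ext_if    = "em0"
svc_addrs = "{ 10.10.10.152, 10.10.10.153, 10.10.10.158, 10.10.10.159 }"
target    = "10.10.10.155"

# Inbound: TCP to any of the four addresses on ports 5400-5500 is
# redirected to $target. With no port given after rdr-to, the
# destination port is left unchanged ("same port").
match in on $ext_if inet proto tcp from any to $svc_addrs port 5400:5500 \
        rdr-to $target

# Outbound: TCP leaving from any of the four addresses with a source
# port in 5400-5500 is rewritten to come from $target. static-port
# stops pf from picking a new source port. Two hosts using the same
# source port towards the same destination would collide on the
# translated tuple, so only one of those states can be created.
match out on $ext_if inet proto tcp from $svc_addrs port 5400:5500 to any \
        nat-to $target static-port

# Filter rules placed after the match rules see the translated address,
# so the inbound pass rule names $target, not the original destinations.
pass in  on $ext_if inet proto tcp from any to $target port 5400:5500
pass out on $ext_if inet proto tcp from $target port 5400:5500 to any
```

The fragment can be syntax-checked without loading it using `pfctl -nf` on the file, and `pfctl -ss` lists the states with their translated addresses once traffic flows.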