
Re: help with DNAT/SNAT



On Thu, May 29, 2003 at 07:48:59PM -0400, k. scott bethke wrote:
> This day just won't end..  Can someone point me in the right direction
> here.. I think I need a combo nat / rdr to accomplish this.  Essentially
> anything that comes in for 10.10.10.15{2,3,8,or 9} that has a dst port range
> of 5400 to 5500 should go to 10.10.10.155 same port.  If a packet leaves
> from one of those addresses with a src port 5400-5500  it should translate to
> 10.10.10.155 same port.  Seems easy enough.  In IPTABLES I do this:

  clients="{ 10.10.10.152, 10.10.10.153, 10.10.10.158, 10.10.10.159 }"
  rdr on $if inet proto tcp from any to $clients port 5400:5500 \
      -> 10.10.10.155
  nat on $if inet proto tcp from $clients port 5399><5501 to any \
      -> 10.10.10.155 static-port

Depending on where the connections flow through, you might have to use
different 'on $if' in both rules. 'nat' applies to connections leaving
out through an interface, 'rdr' applies to incoming connections on an
interface.

Daniel
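
The direction dependence described in the reply above, as an added example that is not part of the original post: a toy Python model (not pf itself) of the two rules, showing which constructed packets each rule would translate. The `Packet` class, the helper names and the 192.0.2.7 peer address are assumptions made for illustration.

```python
# Added illustration: mirrors the matching logic of the rdr/nat rules above.
from dataclasses import dataclass, replace

CLIENTS = {"10.10.10.152", "10.10.10.153", "10.10.10.158", "10.10.10.159"}
TARGET = "10.10.10.155"

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the interface named in 'on $if'
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def in_range(port):
    """pf 'port 5400:5500' is an inclusive range (used by the rdr rule)."""
    return 5400 <= port <= 5500

def between(port):
    """pf 'port 5399><5501' excludes both bounds (used by the nat rule)."""
    return 5399 < port < 5501

def translate(pkt):
    """Return (rule_name, packet_after_translation); rule_name is None if no rule matches."""
    if pkt.proto != "tcp":
        return None, pkt
    # rdr is only evaluated for packets arriving on the interface.
    if pkt.direction == "in" and pkt.dst in CLIENTS and in_range(pkt.dport):
        return "rdr", replace(pkt, dst=TARGET)  # destination port unchanged
    # nat is only evaluated for packets leaving through the interface.
    if pkt.direction == "out" and pkt.src in CLIENTS and between(pkt.sport):
        return "nat", replace(pkt, src=TARGET)  # static-port keeps the source port
    return None, pkt

if __name__ == "__main__":
    # Constructed sample packets; 192.0.2.7 is a documentation address.
    samples = [
        Packet("in", "tcp", "192.0.2.7", 40000, "10.10.10.152", 5400),
        Packet("out", "tcp", "10.10.10.158", 5500, "192.0.2.7", 80),
        # Same flow as the first sample, but seen leaving the interface: rdr is skipped.
        Packet("out", "tcp", "192.0.2.7", 40000, "10.10.10.152", 5400),
        Packet("in", "tcp", "192.0.2.7", 40000, "10.10.10.153", 5501),
    ]
    for p in samples:
        print(translate(p))
```

The third sample is why the choice of interface matters: a packet that only ever leaves through the interface named in the rdr rule is never redirected.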