iptables OUTPUT SNAT
Tomas Cermak
Cermak na Aquasoft.cz
Pondělí Leden 28 13:11:28 CET 2002
David Tok <theo na coolnet.cz> writes:
> :> root# iptables -A OUTPUT -t nat -d 192.168.1.1 -j SNAT --to-source=192.168.1.11
> :> iptables: Invalid argument
> :> ^^^^^^^^^^^^^^^^ postrouting ide output nie
> :>
> :iptables pracuje s vice tabulkami (nepovinny parametr -t tabulka)
> :Tabulka "nat" nema kanal OUTPUT ale PREROUTING a POSTROUTING.
>
> ma i OUTPUT,
> /*
> $ iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> */
>
>
ou, mate pravdu, je tam :-)
nicmene zpet k otazce. Podle mne to nejde. SNAT se da
delat jen v POSTROUTING kanalu a DNAT v PREROUTING.
Alespon tak chapu vetu z NAT-HOWTO
"6.1 Source NAT
... different. This is done in the POSTROUTING chain,
just before it is finally..."
a
"6.2 Destination NAT
This is done in the PREROUTING chain, just as the..."
Tomas Cermak
Další informace o konferenci Linux