iptables question

David A. Long dave at jumpshift.com
Fri Mar 9 18:14:23 EST 2007


I have a small sequential block of public IP addresses I would like to
filter through to matching servers on my private network.  The iptables
NETMAP target looks like it might do this efficiently (combined with a
lot of other rules to filter out unwanted traffic).  But I cannot
understand how the "source" IP address gets rewritten in the packet with
this target.  The NETMAP documentation is very terse and never mentions
the source address, only the destination.  Can someone provide an
example or explanation of how NETMAP can be used both to remap traffic
addressed to the server addresses, *and* remap the source address of
returning traffic?  Here is what I have now, but the second rule does
not make sense to me (even though I wrote it):

# Inbound: packets arriving on the WAN interface for a public address get their
# destination mapped 1:1 onto the matching private address (host part preserved)
iptables -t nat -A PREROUTING -i ${WAN_IFACE} -d ${WAN_NET}.0/24 -j NETMAP --to ${LAN_NET}.0/24
# Outbound: packets leaving on the WAN interface from a private address get their
# source mapped 1:1 back onto the matching public address
iptables -t nat -A POSTROUTING -o ${WAN_IFACE} -s ${LAN_NET}.0/24 -j NETMAP --to ${WAN_NET}.0/24


Thanks,
-dl
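As an added illustration (not part of the original post, and not code from the iptables project), the POSIX sh script below reproduces the address arithmetic that the NETMAP target performs: the network bits of the address are replaced with those of the `--to` network and the host bits are kept. The `netmap`, `ip_to_int` and `int_to_ip` function names and the 203.0.113.0/24 and 192.168.50.0/24 networks are made-up stand-ins for ${WAN_NET} and ${LAN_NET}.

```shell
#!/bin/sh
# Added example: the 1:1 rewrite done by iptables -j NETMAP, in plain sh.
# In PREROUTING the rewrite is applied to the destination address; in
# POSTROUTING it is applied to the source address. Connection tracking
# reverses the mapping on reply packets, so one rule per direction suffices.
# Networks used here are constructed placeholders:
#   public  203.0.113.0/24  (stands in for ${WAN_NET}.0/24)
#   private 192.168.50.0/24 (stands in for ${LAN_NET}.0/24)

# ip_to_int: dotted quad -> unsigned 32-bit integer
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip: unsigned 32-bit integer -> dotted quad
int_to_ip() {
    printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
        $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# netmap ADDR NETWORK/PREFIX: the address NETMAP --to NETWORK/PREFIX yields
# for ADDR, i.e. NETWORK's network bits plus ADDR's host bits.
netmap() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    hostmask=$(( (1 << (32 - prefix)) - 1 ))
    netmask=$(( 4294967295 & ~hostmask ))
    int_to_ip $(( (net & netmask) | (addr & hostmask) ))
}

# Inbound packet to public 203.0.113.7 is delivered to private 192.168.50.7,
# and the outbound source 192.168.50.7 becomes public 203.0.113.7.
netmap 203.0.113.7 192.168.50.0/24
netmap 192.168.50.7 203.0.113.0/24
```

The same function handles prefixes other than /24, which is where NETMAP's "keep the host bits" rule becomes less obvious than a simple third-octet swap.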




More information about the gnhlug-discuss mailing list