[CentOS] iptables questionson CentOS
lists at brimer.org
Thu Dec 4 13:57:48 UTC 2008
> I want to add a SNAT rule for one user in LAN to access one particular
> destination on the internet.
> Let's say www.centos.org
> I added the below rule. But . it does NOT work
> Pls assume 18.104.22.168 is the real ip of the firewall.
> ip address 192.168.101.230 is the client PC
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -j SNAT
> --to-source 22.214.171.124 -d www.centos.org
> Any idea to achieve it?
The destination should be before the SNAT ... so try this:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -d
www.centos.org -j SNAT --to-source 126.96.36.199
> the below rule excludes 1 ip. it works fine.
> iptables -t nat -A PREROUTING -p tcp -m multiport -s ! 192.168.1.9
> --destination-port 80,465,995 -j DNAT --to-destination :3128
> I want to exclude about 4 or 5 ips.
> let's say 192.168.1.11, 192.168.1.19, 192.168.1.20,192.168.1.25
> Is there a way to do it?
Not that I can think of. If these IP addresses were in a contiguous
block, it might be able to be summarized by one or two subnet statements
instead of individual rules for each.
Hope this helps.
More information about the CentOS