[CentOS] iptables questions on CentOS

Barry Brimer lists at brimer.org
Thu Dec 4 13:57:48 UTC 2008

> I want to add a SNAT rule for one user in LAN to access one particular
> destination on the internet.
> Let's say www.centos.org
> I added the below rule. But . it does NOT work
> Pls assume is the real ip of the firewall.
> ip address is the client PC
> iptables -t nat -A POSTROUTING -o eth0 -s -j SNAT
> --to-source -d www.centos.org
> Any idea to achieve it?

The destination should be before the SNAT ... so try this:

iptables -t nat -A POSTROUTING -o eth0 -s -d www.centos.org -j SNAT --to-source

> the below rule excludes 1 ip. it works fine.
> iptables -t nat -A PREROUTING  -p tcp  -m multiport -s !
> --destination-port 80,465,995 -j DNAT --to-destination :3128
> I want to exclude about 4 or 5 ips.
> let's say,,,
> Is there a way to do it?

Not that I can think of.  If these IP addresses were in a contiguous 
block, it might be able to be summarized by one or two subnet statements 
instead of individual rules for each.

Hope this helps.
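As an added illustration of both points in the reply above (this is example code written for this page, not Barry's or the original poster's commands): the first function builds the SNAT rule with every match option (-o, -s, -d) placed before the target and its --to-source argument, and the second takes a list of client addresses to keep away from the transparent proxy, merges any contiguous ones into the smallest exact set of subnets with Python's ipaddress module (the "one or two subnet statements" idea), and emits one nat PREROUTING ACCEPT rule per subnet ahead of the DNAT rule. ACCEPT in the nat table's PREROUTING chain ends rule traversal for that packet, so it is never redirected. The LAN 192.168.1.0/24, the public address 203.0.113.1, the proxy at 192.168.1.1:3128 and the client addresses are constructed sample values; the script only prints the commands and does not touch the firewall.

```python
import ipaddress
from typing import Iterable, List, Sequence


def snat_rule(client_ip: str, destination: str, public_ip: str, iface: str = "eth0") -> str:
    """Return the SNAT rule with the match options (-o, -s, -d) before the target.

    -d may be a hostname; iptables resolves it once, when the rule is inserted,
    so the rule keeps matching only the addresses it resolved to at that moment.
    """
    ipaddress.ip_address(client_ip)  # raise ValueError on a malformed address
    ipaddress.ip_address(public_ip)
    return (f"iptables -t nat -A POSTROUTING -o {iface} -s {client_ip} "
            f"-d {destination} -j SNAT --to-source {public_ip}")


def summarize_hosts(hosts: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Merge individual host addresses into the fewest exact CIDR blocks.

    Only addresses that are actually listed end up covered: a scattered set
    stays as /32 entries, while runs such as .10-.13 become .10/31 and .12/31.
    """
    addrs = [ipaddress.ip_address(h) for h in hosts]
    return list(ipaddress.collapse_addresses(addrs))


def proxy_redirect_rules(excluded_hosts: Iterable[str], proxy: str,
                         ports: Sequence[int] = (80, 465, 995)) -> List[str]:
    """Return the nat PREROUTING rules for a transparent proxy with exclusions.

    One ACCEPT rule per summarized block comes first; the DNAT rule follows and
    therefore only sees traffic from clients that were not excluded.
    """
    port_list = ",".join(str(p) for p in ports)
    match = f"iptables -t nat -A PREROUTING -p tcp -m multiport --dports {port_list}"
    rules = [f"{match} -s {net.with_prefixlen} -j ACCEPT"
             for net in summarize_hosts(excluded_hosts)]
    rules.append(f"{match} -j DNAT --to-destination {proxy}")
    return rules


if __name__ == "__main__":
    # Constructed sample values (RFC 1918 LAN, RFC 5737 documentation address).
    print(snat_rule("192.168.1.50", "www.centos.org", "203.0.113.1"))
    excluded = ["192.168.1.13", "192.168.1.10", "192.168.1.12",
                "192.168.1.11", "192.168.1.200"]
    for rule in proxy_redirect_rules(excluded, "192.168.1.1:3128"):
        print(rule)
```

Running the script prints the SNAT command followed by three ACCEPT rules (192.168.1.10/31, 192.168.1.12/31 and 192.168.1.200/32) and the DNAT rule; five individual exclusions collapse to three because four of them were contiguous. Review the generated lines before pasting them into a shell, and remember that rule order matters: an exclusion appended after the DNAT rule would never be reached.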


