[CentOS] iptables questions on CentOS

Barry Brimer lists at brimer.org
Thu Dec 4 13:57:48 UTC 2008


> I want to add a SNAT rule for one user in LAN to access one particular
> destination on the internet.
>
> Let's say www.centos.org
>
> I added the rule below, but it does NOT work.
> Please assume 1.2.3.4 is the real IP of the firewall.
> IP address 192.168.101.230 is the client PC.
>
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -j SNAT --to-source 1.2.3.4 -d www.centos.org
>
> Any idea to achieve it?

The destination should be before the SNAT ... so try this:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -d www.centos.org -j SNAT --to-source 1.2.3.4

> The rule below excludes one IP. It works fine.
>
> iptables -t nat -A PREROUTING -p tcp -m multiport -s ! 192.168.1.9 --destination-port 80,465,995 -j DNAT --to-destination :3128
>
> I want to exclude about 4 or 5 IPs.
>
> Let's say 192.168.1.11, 192.168.1.19, 192.168.1.20, 192.168.1.25.
>
> Is there a way to do it?

Not that I can think of.  If these IP addresses were in a contiguous 
block, they might be summarized by one or two subnet statements 
instead of individual rules for each.

Hope this helps.

Barry
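As an added example that is not part of the thread above, the following POSIX shell script renders both rule sets discussed in this exchange as an iptables-restore fragment, so the result can be read and syntax-checked before anything is loaded into the kernel. The addresses, eth0 and the port list are the thread's own placeholders; the chain name LAN_TO_PROXY and the LAN interface eth1 are assumptions made for the demonstration. It also carries two caveats a practitioner should keep in mind: a hostname such as www.centos.org is resolved once, when the rule is inserted (one rule per A record, never updated afterwards), and a port-only `--to-destination :3128` needs `-p tcp` on the same rule. The several exemptions from the transparent-proxy DNAT are expressed as one RETURN rule per host in a dedicated chain, placed in front of a single DNAT rule.

```shell
#!/bin/sh
# Added example, not from the thread: render the NAT rules discussed above
# as an iptables-restore fragment that can be reviewed before it is loaded
# (for example: sh nat-rules.sh | iptables-restore --noflush).
# Addresses, eth0 and the ports are the thread's own placeholders; the
# chain name LAN_TO_PROXY and the LAN interface eth1 are assumptions.

# Per-host SNAT towards one destination.  Match options (-o, -s, -d) come
# first; the target (-j SNAT) and its own option (--to-source) come last.
# Caveat: a hostname here is resolved once, when the rule is loaded; one
# rule is created per A record and none of them follows later DNS changes.
snat_rule() {
    snat_lan_ip=$1 snat_dest=$2 snat_fw_ip=$3 snat_out_if=$4
    printf '%s\n' "-A POSTROUTING -o $snat_out_if -s $snat_lan_ip -d $snat_dest -j SNAT --to-source $snat_fw_ip"
}

# Transparent-proxy DNAT for a port list, with several LAN hosts exempted.
# "-s !" negates a single address, so the exemptions go into their own
# chain: one RETURN rule per exempt host, then the DNAT for everyone else.
# Usage: dnat_with_exclusions CHAIN IN_IF PORTS PROXY_PORT IP...
dnat_with_exclusions() {
    dnat_chain=$1 dnat_in_if=$2 dnat_ports=$3 dnat_proxy_port=$4
    shift 4
    # Restricting to the LAN interface keeps internet-facing traffic on eth0
    # from being redirected into the proxy.
    printf '%s\n' "-A PREROUTING -i $dnat_in_if -p tcp -m multiport --dports $dnat_ports -j $dnat_chain"
    for dnat_ip in "$@"; do
        printf '%s\n' "-A $dnat_chain -s $dnat_ip -j RETURN"
    done
    # A port-only --to-destination keeps the original address; it requires
    # -p tcp on the same rule.
    printf '%s\n' "-A $dnat_chain -p tcp -j DNAT --to-destination :$dnat_proxy_port"
}

# Whole nat table in iptables-restore syntax.  Chain declarations (":NAME")
# precede the rules; "-" is the policy placeholder for a user-defined chain.
render_nat_table() {
    printf '%s\n' '*nat'
    printf '%s\n' ':PREROUTING ACCEPT [0:0]'
    printf '%s\n' ':POSTROUTING ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' ':LAN_TO_PROXY - [0:0]'
    snat_rule 192.168.101.230 www.centos.org 1.2.3.4 eth0
    dnat_with_exclusions LAN_TO_PROXY eth1 80,465,995 3128 \
        192.168.1.11 192.168.1.19 192.168.1.20 192.168.1.25
    printf '%s\n' 'COMMIT'
}

render_nat_table
```

Piping the output through `iptables-restore --test` parses the rule set without committing it, which is a cheap way to catch an option placed after the target (the mistake in the first rule of the thread) before touching a production firewall.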
