Indunil Jayasooriya indunil75 at gmail.com
Fri Dec 5 08:20:31 UTC 2008

>> iptables -t nat -A POSTROUTING -o eth0 -s -j SNAT
>> --to-source -d www.centos.org
>> Any idea to achieve it?
> The destination should be before the SNAT ... so try this:
> iptables -t nat -A POSTROUTING -o eth0 -s -d
> www.centos.org -j SNAT --to-source

I did it once in the above way before posting this. It did NOT work.

Has it worked for you?

>> iptables -t nat -A PREROUTING  -p tcp  -m multiport -s !
>> --destination-port 80,465,995 -j DNAT --to-destination :3128
>> I want to exclude about 4 or 5 ips.
>> let's say,,,
>> Is there a way to do it?
> Not that I can think of.  If these IP addresses were in a contiguous
> block, it might be able to be summarized by one or two subnet statements
> instead of individual rules for each.

I will try. That means something like !

Thank you
Indunil Jayasooriya
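
The subnet-summarization idea from the quoted reply, as an added example that is not part of the original thread: it collapses a list of exempt source addresses into the fewest CIDR blocks and builds one nat-table ACCEPT rule per block, inserted ahead of the existing DNAT rule so those sources are never redirected. The function names, the `--dports` spelling, and the sample addresses (RFC 5737 documentation range) are assumptions; the ports are the ones in the quoted rule.

```python
import ipaddress

# Ports taken from the redirect rule quoted in the thread.
REDIRECT_PORTS = "80,465,995"


def summarise(addresses):
    """Collapse individual IPv4 addresses into the fewest CIDR blocks."""
    nets = [ipaddress.ip_network(a) for a in addresses]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def exemption_rules(addresses):
    """Build rules that end nat/PREROUTING traversal for exempt sources.

    Each rule is inserted (-I) at the top of the chain, ahead of the
    existing DNAT rule, so matching packets are accepted without NAT
    and never reach the redirect.
    """
    rules = []
    for position, cidr in enumerate(summarise(addresses), start=1):
        rules.append(
            f"iptables -t nat -I PREROUTING {position} -p tcp -s {cidr} "
            f"-m multiport --dports {REDIRECT_PORTS} -j ACCEPT"
        )
    return rules


# Constructed sample input, not addresses from the thread.
EXEMPT = ["192.0.2.8", "192.0.2.9", "192.0.2.10", "192.0.2.11", "192.0.2.40"]

if __name__ == "__main__":
    for rule in exemption_rules(EXEMPT):
        print(rule)
```

Four contiguous addresses aligned on a /30 boundary become a single rule; the isolated address keeps its own /32 rule.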

