> Is it possible to NAT a range of IPs? Like for example:
>
> iptables -t nat -A PREROUTING -p tcp -s <range of IPs> --dport 80 -j
> REDIRECT --to-port 13001
>
> As you can see what I would like to do is redirect port 80 from the
> range of IPs (in this case 65.18.71.1 - 65.18.71.240) to port 13001.
> It works great if I try one IP, or the whole block, I'm just unsure of
> how you represent a range? I see references to an IP range in the man
> pages, but no examples.

iptables uses a netmask to define an IP range. Examples:

1) iptables -t nat -A PREROUTING -p tcp -s 10.20.1.0/24 --dport 80 -j REDIRECT --to-port 13001

   gives you all the IPs from 10.20.1.1 to 10.20.1.254

2) iptables -t nat -A PREROUTING -p tcp -s 10.103.1.128/25 --dport 80 -j REDIRECT --to-port 13001

   gives you all the IPs from 10.103.1.129 to 10.103.1.254

On http://jodies.de/ipcalc you will find a nice tool to define the netmasks for the right IP ranges.

Regards,
Fred

