On Wed, 2003-05-28 at 09:07, Alex 'CAVE' Cernat wrote:
>
> my question is: couldn't the two rules clash with each other?
> Or is Linux smart enough after all to first do the 'reverse snat' and
> 'reverse dnat' respectively (that is, the inverse operations of snat/dnat,
> on the reply packets), before doing the respective SNATs/DNATs?
>

You could try the -j NETMAP target from patch-o-matic, which does what you want: 1:1 NAT.

Quoted from the patch-o-matic help:

This adds CONFIG_IP_NF_TARGET_NETMAP option, which provides a target for the nat table. It creates a static 1:1 mapping of the network address, while keeping host addresses intact. It can be applied to the PREROUTING chain to alter the destination of incoming connections, to the POSTROUTING chain to alter the source of outgoing connections, or both (with separate rules).

Examples:

iptables -t nat -A PREROUTING -d 1.2.3.0/24 -j NETMAP --to 5.6.7.0/24
iptables -t nat -A POSTROUTING -s 5.6.7.0/24 -j NETMAP --to 1.2.3.0/24

> Alex

--
Patrascu Eugeniu <[EMAIL PROTECTED]>

Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated.
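
Added example (not part of the original message and not patch-o-matic code): a Python model of the address arithmetic the help text describes, with host bits kept and network bits replaced by the --to prefix. NetmapRule and the helper functions are hypothetical names, the model assumes the rewrite uses only the --to prefix length, and it goes one step beyond the post by checking what happens when the match prefix is wider than the --to prefix.

```python
import ipaddress


class NetmapRule:
    """Model (assumption) of one '-j NETMAP --to <net>' rule plus its -s/-d match."""

    def __init__(self, match, to):
        self.match = ipaddress.ip_network(match)
        self.to = ipaddress.ip_network(to)

    def translate(self, addr):
        ip = ipaddress.ip_address(addr)
        if ip not in self.match:
            return ip  # rule does not match: address left untouched
        # Keep the host bits, take the network bits from the --to prefix.
        host_bits = int(ip) & int(self.to.hostmask)
        return ipaddress.ip_address(int(self.to.network_address) | host_bits)


# The two rules from the help text quoted in the message.
PREROUTING = NetmapRule("1.2.3.0/24", "5.6.7.0/24")   # rewrites destination
POSTROUTING = NetmapRule("5.6.7.0/24", "1.2.3.0/24")  # rewrites source


def inbound(dst):
    return str(PREROUTING.translate(dst))


def outbound(src):
    return str(POSTROUTING.translate(src))


def round_trip_ok():
    """True if the two rules are exact inverses for every host in 1.2.3.0/24."""
    net = ipaddress.ip_network("1.2.3.0/24")
    return all(outbound(inbound(str(h))) == str(h) for h in net)


def collisions(rule):
    """Translated addresses that more than one matched address maps onto."""
    seen = {}
    for ip in rule.match:
        seen.setdefault(str(rule.translate(ip)), []).append(str(ip))
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    print(inbound("1.2.3.42"), outbound("5.6.7.42"), round_trip_ok())
    # Constructed misconfiguration: /23 match feeding a /24 --to prefix.
    print(len(collisions(NetmapRule("1.2.2.0/23", "5.6.7.0/24"))))
```

With equal prefix lengths the mapping is a bijection; in this model a wider match than the --to prefix makes two external addresses land on the same internal host, which is worth checking before loading such a rule.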
