iptables


#dayjob

Some days you just need to do a bit of packet mangling and you don’t want to
write loads of DNAT/SNAT statements, so why not just use the NETMAP target?

Take this example (the IP addresses have been changed to protect the innocent):


iptables -t nat -A PREROUTING -d 192.168.55.0/24 -j NETMAP --to 195.44.12.0/24
iptables -t nat -A POSTROUTING -d 195.44.12.0/24 -j NETMAP --to 192.168.55.0/24

It allows you to translate entire networks on a 1:1 mapping basis, so 192.168.55.1
maps to 195.44.12.1 and 192.168.55.2 maps to 195.44.12.2 and so on and so on.

Simples

(Oh, and the POSTROUTING line is for the SNAT on the way back, by the way.)
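
The 1:1 mapping described above, modelled as an added example (not code from the original post): NETMAP takes the network bits from the `--to` prefix and keeps the host bits of the original address. The function names are hypothetical, and the /16 case goes beyond the post to show when the mapping stops being 1:1.

```python
import ipaddress


def netmap(addr, to_net):
    """NETMAP rewrite: network bits come from to_net, host bits from addr."""
    ip = ipaddress.IPv4Address(addr)
    net = ipaddress.IPv4Network(to_net)
    host_bits = int(ip) & int(net.hostmask)
    return ipaddress.IPv4Address(int(net.network_address) | host_bits)


def translate(addr, match_net, to_net):
    """Model one rule '-d match_net -j NETMAP --to to_net'.

    Returns None when the address is outside match_net (rule does not fire).
    """
    if ipaddress.IPv4Address(addr) not in ipaddress.IPv4Network(match_net):
        return None
    return netmap(addr, to_net)


def is_one_to_one(match_net, to_net):
    """True when every matched address gets a distinct translated address.

    Only the host bits of the --to prefix survive the rewrite, so the matched
    network must not be larger than the --to network.
    """
    src = ipaddress.IPv4Network(match_net)
    dst = ipaddress.IPv4Network(to_net)
    return src.prefixlen >= dst.prefixlen


if __name__ == "__main__":
    # Networks from the post's PREROUTING rule.
    for host in ("192.168.55.1", "192.168.55.2", "192.168.55.254"):
        print(host, "->", translate(host, "192.168.55.0/24", "195.44.12.0/24"))

    # Constructed caveat: matching a /16 but mapping to a /24 collapses
    # 192.168.1.7 and 192.168.2.7 onto the same translated address.
    print(is_one_to_one("192.168.0.0/16", "195.44.12.0/24"))
    print(netmap("192.168.1.7", "195.44.12.0/24"),
          netmap("192.168.2.7", "195.44.12.0/24"))
```

Keeping the matched prefix and the `--to` prefix the same length, as the post's rules do, is what keeps the translation reversible.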