Some days you just need to do a bit of packet mangling and you don’t want to
write loads of DNAT/SNAT statements, so why not just use the NETMAP target?
Take this example (the IP addresses have been changed to protect the innocent):
iptables -t nat -A PREROUTING -d 192.168.55.0/24 -j NETMAP --to 18.104.22.168/24
iptables -t nat -A POSTROUTING -d 22.214.171.124/24 -j NETMAP --to 192.168.55.0/24
It allows you to translate entire networks on a 1:1 mapping basis, so 192.168.55.1
maps to 126.96.36.199 and 192.168.55.2 maps to 188.8.131.52 and so on and so on.
(Oh, and the POSTROUTING line is for the SNAT on the way back, btw.)
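The address arithmetic behind that 1:1 mapping, as an added example that is not part of the original post: NETMAP takes the network bits from the --to prefix and keeps the packet's host bits, so the mapping is only 1:1 when the --to prefix is no longer than the matched one. The 203.0.113.0/24 and 198.18.0.0/16 targets are constructed sample values, and the function names are made up for this sketch.

```python
import ipaddress
from collections import defaultdict

def netmap(addr, to_net):
    """Rewrite addr as NETMAP does: network bits from to_net, host bits kept."""
    net = ipaddress.IPv4Network(to_net, strict=False)
    mask = int(net.netmask)
    host_bits = int(ipaddress.IPv4Address(addr)) & ~mask & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(int(net.network_address) | host_bits))

def equivalent_dnat_rules(match_net, to_net):
    """The per-address DNAT rules that one NETMAP PREROUTING rule stands in for."""
    return [
        f"iptables -t nat -A PREROUTING -d {ip} -j DNAT "
        f"--to-destination {netmap(ip, to_net)}"
        for ip in ipaddress.IPv4Network(match_net)
    ]

def collisions(match_net, to_net):
    """Targets shared by several matched addresses, i.e. where the map is not 1:1."""
    seen = defaultdict(list)
    for ip in ipaddress.IPv4Network(match_net):
        seen[netmap(ip, to_net)].append(str(ip))
    return {target: srcs for target, srcs in seen.items() if len(srcs) > 1}

if __name__ == "__main__":
    match = "192.168.55.0/24"          # matched network from the post
    target = "203.0.113.0/24"          # constructed sample target

    # Same prefix length: every host keeps its last octet, no collisions.
    for host in ("192.168.55.1", "192.168.55.2", "192.168.55.254"):
        print(host, "->", netmap(host, target))
    print(len(equivalent_dnat_rules(match, target)), "DNAT rules replaced")
    print("collisions /24 -> /24:", len(collisions(match, target)))

    # Shorter --to prefix: 16 host bits survive, so the third octet leaks through.
    print("192.168.55.1 ->", netmap("192.168.55.1", "198.18.0.0/16"))

    # Longer --to prefix: two matched hosts land on one target address.
    clash = collisions(match, "203.0.113.0/25")
    print("collisions /24 -> /25:", len(clash), "e.g.", clash["203.0.113.1"])
```

Running `collisions()` over each NETMAP pair in a ruleset before loading it catches prefix mismatches that would otherwise fold two internal hosts onto one translated address.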
Whilst doing some other work for #dayjob, I came across this little outfit based out in Israel doing free Class 1 SSL certificates for a year.
OK, I thought, what’s the catch (other than it’s about as trustworthy as a man claiming to be secure, but can’t demonstrate it)? It seems there isn’t much of a catch:
- The T’s & C’s state it has to be for “non-commercial” activity.
- It’s only Class 1; funnily enough, they do Class 2 and EV certs as well – for a cost, naturally.
- It’s only for a year, but you can just keep renewing it every year.
- Errr and that’s about it really.
All in all, it’s worth signing up and using it for test certs and things like that. I tend to use it for test certs for load balancers/SSL offload boxes, which saves explaining to people why you need to purchase certs for a development environment. Anyway, it’s worth a punt: https://www.startssl.com/