Mailinglist Archive: opensuse (3337 mails)

Re: [SLE] Re: A Simple Question on iptables (NAT issue)
  • From: Jos van Kan <vankan@xxxxxxxxxxxx>
  • Date: Thu, 20 Apr 2006 09:08:50 +0200
  • Message-id: <44473382.4060804@xxxxxxxxxxxx>
FW wrote:
(reversed the toppost)
On 4/19/06, Jos van Kan <vankan@xxxxxxxxxxxx> wrote:

FW wrote:

The original NAT config that the admin set was:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE



On 4/19/06, FW <frost.wrath@xxxxxxxxx> wrote:


Hi, all.

My situation is:

the gateway (Linux 2.4) imposes NAT on all the traffic from all
workstations (configured with public IP addresses rather than private
ones) within the LAN.

Now I want to set an exception in the NAT rule. That's to say, I want
the gateway not to do NAT on *one specific workstation* within the
LAN. Could you HELP me
on how to do that?

The iptables need a source parameter, like:

iptables -t nat -A POSTROUTING -s <IP address> -o ppp0 -j MASQUERADE

<IPADDRESS> could be a plain (local) address like 192.168.2.3, but also a subnet
like 192.168.2.0/24


> Thanks. But my question is how to unNAT a specific host under a
> situation of universal NAT, while the example you gave is to enable
> NAT.
>

Hmm. I can imagine that you don't want to do a total read up on iptables, but I cannot imagine that you don't look into the manpage *at all*, because the solution to that problem is there for all to see. Use !.
<quote> (from the description of the -s parameter)
A "!" argument before the address specification inverts the sense of the address.
</quote>
On the other hand I'm not sure at all that you want this for the solution of your actual problem as Darryl Gregorash has explained so eloquently.

Regards,
--
Jos van Kan registered Linux user #152704
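
The `!` inversion applied to the MASQUERADE rule from the thread, added here as an example and not part of the original message: a shell helper that validates its inputs and prints the commands replacing the blanket rule with one that skips a single source. The address 192.0.2.10 and the function names `valid_src` and `masq_except` are assumptions made for illustration; `ppp0` comes from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the commands that
# swap the blanket MASQUERADE rule for one that skips a single source.
# ppp0 comes from the thread; 192.0.2.10 is a constructed documentation address.

# Succeed only for dotted-quad IPv4 with an optional /0-32 prefix length, so
# nothing but an address can end up in the generated command line.
valid_src() {
    addr=${1%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*) return 1 ;; esac
    rest="$addr."
    n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# masq_except IFACE SRC [legacy]: print the rule swap, return 1 on bad input.
masq_except() {
    iface=$1 src=$2 style=${3:-current}
    case $iface in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    valid_src "$src" || return 1
    # The manpage quoted in the thread puts "!" before the address; current
    # iptables releases document it before the option instead.
    case $style in
        legacy)  match="-s ! $src" ;;
        current) match="! -s $src" ;;
        *)       return 1 ;;
    esac
    # Append the negated rule before deleting the blanket one, so the other
    # hosts are never left without a MASQUERADE rule.
    echo "iptables -t nat -A POSTROUTING -o $iface $match -j MASQUERADE"
    echo "iptables -t nat -D POSTROUTING -o $iface -j MASQUERADE"
}

masq_except ppp0 192.0.2.10   # review the output, then run it as root
```

The nat table is consulted only for the first packet of a connection, so flows the exempt host already has open stay masqueraded until their conntrack entries expire.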
