Mailinglist Archive: opensuse (3337 mails)

Re: [SLE] Re: A Simple Question on iptables (NAT issue)
  • From: Jos van Kan <vankan@xxxxxxxxxxxx>
  • Date: Thu, 20 Apr 2006 09:08:50 +0200
  • Message-id: <44473382.4060804@xxxxxxxxxxxx>
FW wrote:
(reversed the toppost)
On 4/19/06, Jos van Kan <vankan@xxxxxxxxxxxx> wrote:

FW wrote:

The original NAT config that the admin set was:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

On 4/19/06, FW <frost.wrath@xxxxxxxxx> wrote:

Hi, all.

My situation is:

the gateway (Linux 2.4) imposes NAT on all the traffic from all
workstations (configured with public IP addresses rather than private
ones) within the LAN.

Now I want to set an exception in the NAT rule. That's to say, I want
the gateway not to do NAT on *one specific workstation* within the
LAN. Could you HELP me
on how to do that?

The iptables need a source parameter, like:

iptables -t nat -A POSTROUTING -s <IP address> -o ppp0 -j MASQUERADE

<IPADDRESS> could be a plain (local) address like, but also a subnet

> Thanks. But my question is how to unNAT a specific host under a
> situation of universal NAT, while the example you gave is to enable
> NAT.

Hmm. I can imagine that you don't want to do a total read up on iptables, but I cannot imagine that you don't look into the manpage *at all*, because the solution to that problem is there for all to see. Use !.
<quote> (from the description of the -s parameter)
A "!" argument before the address specification inverts the sense of the address.
On the other hand I'm not sure at all that you want this for the solution of your actual problem as Darryl Gregorash has explained so eloquently.

Jos van Kan registered Linux user #152704
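
The inverted source match suggested in this message, as an added example that is not part of the original post: a dry-run helper that prints the commands replacing the blanket MASQUERADE rule with one that skips a single host. The function names and the address 192.0.2.10 are constructed for illustration; current iptables releases write the negation as `! -s addr`, while the man page text quoted above places the "!" directly before the address.

```shell
#!/bin/sh
# Added example (not from the thread): print, do not run, the rule changes
# that exempt one host from MASQUERADE. 192.0.2.10 is a constructed address.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands for HOST ($1) on outbound interface ($2, default ppp0).
nat_exempt_rules() {
    host=$1; iface=${2:-ppp0}
    valid_ipv4 "$host" || { echo "invalid IPv4 address: $host" >&2; return 2; }
    # Reject anything that is not a plain interface name, since the output
    # is meant to be reviewed and then fed to a root shell.
    case "$iface" in
        *[!A-Za-z0-9_.+-]*|"") echo "invalid interface: $iface" >&2; return 2 ;;
    esac
    # Append the inverted rule first: the old blanket rule still matches
    # ahead of it, so there is no moment where nothing is masqueraded.
    echo "iptables -t nat -A POSTROUTING ! -s $host -o $iface -j MASQUERADE"
    # Then delete the blanket rule; from here on only HOST leaves un-NATed.
    echo "iptables -t nat -D POSTROUTING -o $iface -j MASQUERADE"
}

# Show the two commands for the constructed host.
nat_exempt_rules 192.0.2.10 ppp0
```

After applying the printed commands as root, `iptables -t nat -L POSTROUTING -n -v` lists the chain with packet counters, which shows whether traffic from the exempted host still hits the MASQUERADE rule.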
