В Mon, 04 Aug 2014 09:45:19 +0200 Hans Witvliet <suse@a-domani.nl> пишет:
Hi all,
does anyone knows how to get around a build-in limitation of iptables?
Which limitation?
What i want to do is something like: iptables -t nat -A POSTROUTING -p tcp -port 873 -j SNAT -o br1 --to-source 1.1.1.82
If you mean "option -port is missing", then --match tcp --dport 873 See man iptables-extensions(8)
iptables -t nat -A POSTROUTING -p tcp -port 80 -j SNAT -o br1 --to-source 1.1.1.83
iptables -t nat -A POSTROUTING -p tcp -port 25 -j SNAT -o br1 --to-source 1.1.1.84 etc etc ......
So basically i want SOME traffic being SNAT-ed, but not all !!
specifically: my six ipv6-tunnels towards H.E. don't like to be natted, the all have their own specific IPv4-addres.
Hans
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org