On Mon, 2014-08-04 at 18:31 +0400, Andrey Borzenkov wrote:
On Mon, 04 Aug 2014 09:45:19 +0200 Hans Witvliet <suse@a-domani.nl> wrote:
Hi all,
does anyone know how to get around a built-in limitation of iptables?
Which limitation?
What I want to do is something like: iptables -t nat -A POSTROUTING -p tcp -port 873 -j SNAT -o br1 --to-source 1.1.1.82
If you mean "option -port is missing", then
--match tcp --dport 873
See man iptables-extensions(8)
iptables -t nat -A POSTROUTING -p tcp -port 80 -j SNAT -o br1 --to-source 1.1.1.83
iptables -t nat -A POSTROUTING -p tcp -port 25 -j SNAT -o br1 --to-source 1.1.1.84 etc etc ......
So basically I want SOME traffic being SNAT-ed, but not all !!
specifically: my six ipv6-tunnels towards H.E. don't like to be natted, they all have their own specific IPv4 address.
Ah, thanks. This seems to work; this allows me to selectively do a SNAT. Instead of "snatting" everything, I can do it on specific services. I hope I can avoid interference with my tunnels. tnx.
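
The correction from the reply (`--match tcp --dport`, here in its short form `-m tcp --dport`) applied to the three rules from the original question, as an added example that is not part of the thread. The function names and the `SNAT_MAP` variable are hypothetical; the script only prints the commands and checks each port and source address first.

```sh
#!/bin/sh
# Added example: print per-service SNAT rules in the corrected form.
# Nothing is applied; review the output, then run it as root if it is right.

OUT_IF="br1"                                    # outgoing interface, from the thread
SNAT_MAP="873:1.1.1.82 80:1.1.1.83 25:1.1.1.84" # port:source pairs, from the thread

# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeeds if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# snat_rule PORT SOURCE: prints one rule, fails on malformed input
snat_rule() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad source address: $2" >&2; return 1; }
    echo "iptables -t nat -A POSTROUTING -o $OUT_IF -p tcp -m tcp --dport $1 -j SNAT --to-source $2"
}

# snat_rules: prints one rule per SNAT_MAP entry, stops at the first bad one
snat_rules() {
    for entry in $SNAT_MAP; do
        snat_rule "${entry%%:*}" "${entry#*:}" || return 1
    done
}

snat_rules
```

Each rule matches only TCP to one destination port, so any other traffic leaving br1 matches none of them and keeps its own source address.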