Re: SNAT vs Forwarding
Hi Michael, thanks.
I understand how subnetting works, but perhaps not other things (apparently). I did this:
privateIP = "10.0.0.0/24"
So I could match anything that starts with a 10.
I believe (please check me if I'm wrong) that IP packets do not carry a subnet with them, just IP addresses. Meaning
!$privateIP should match 10.0.0.5 and 10.1.0.5, regardless of the subnets the machines are configured with.
[snip]
> > # Private net 1: SNAT to outside
> > iptables -t nat -A POSTROUTING -s $intnet1 -d ! $privateIP -j SNAT \
> > --to-source $extip
> >
> > # Private net 2: SNAT to outside
> > iptables -t nat -A POSTROUTING -s $intnet2 -d ! $privateIP -j SNAT \
> > --to-source $extip
> > I thought the above rules explicitly stated: "Anything coming
> > from 10.0.x (intnet1) going to anywhere but 10.x SNAT to
>
> No, it's going to anywhere but 10.0.0.x.
A packet without subnet information should match those rules, right?
-s 10.0.0.0/8 or -s 10.0.0.0/16 or -s 10.0.0.0/24
should all match a packet with a source of 10.0.0.5, regardless of subnet mask. Or am I way off base?
Thanks,
Cory
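
Added example, not part of the original message: a small shell model of how an -s/-d match with a prefix length is evaluated, run over the addresses and prefixes mentioned in the thread. The function names are hypothetical, and intnet1 is assumed to be 10.0.0.0/24 because its value is not shown here.

```shell
#!/bin/sh
# Models how a netfilter -s/-d address match is evaluated: the packet carries
# only an address; the prefix length comes from the rule.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/PREFIX -> status 0 when ADDR lies inside NET/PREFIX
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# snat_rule_matches SRC DST SRCNET EXCLUDED
# models: -s SRCNET -d ! EXCLUDED -j SNAT
snat_rule_matches() {
    in_cidr "$1" "$3" && ! in_cidr "$2" "$4"
}

# Addresses and prefixes taken from the thread.
for net in 10.0.0.0/24 10.0.0.0/16 10.0.0.0/8; do
    for ip in 10.0.0.5 10.1.0.5; do
        if in_cidr "$ip" "$net"; then r=match; else r="no match"; fi
        echo "$ip vs $net: $r"
    done
done

# Assumed: intnet1 is 10.0.0.0/24 (its value is not shown in the thread).
for priv in 10.0.0.0/24 10.0.0.0/8; do
    if snat_rule_matches 10.0.0.5 10.1.0.5 10.0.0.0/24 "$priv"; then r=SNAT; else r="not SNAT"; fi
    echo "10.0.0.5 -> 10.1.0.5 with privateIP=$priv: $r"
done
```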