iptables -t nat -s 149.153.9.241/32 -A POSTROUTING -o eth0 -j SNAT --to 149.153.9.241
iptables -t nat -s 149.153.9.0/24 -A POSTROUTING -o eth0 -j SNAT --to 149.153.9.1
which SNATs to the machine I want, and also SNATs the network I want.
It doesn't forward, but has the desired effect of forwarding. Cheers cactus.
stinky, I'll now have a look at your code and see what it does.
BTW, stinky is the name of my Arch box.
$IPTABLES -A FORWARD -p tcp -d 192.168.1.100 --dport 22 -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -i $EXTIF -d $EXTIP --dport 22 -j DNAT --to 192.168.1.100:22
Of course, change 22 to whatever port you want to forward...
The packet traverses as follows.
prerouting -> forward -> postrouting
So your forward is fine, as is your postrouting. In your postrouting table, simply accept from that single host first.
iptables -t nat -s 149.153.9.241/32 -A POSTROUTING -o eth0 -j ACCEPT
iptables -t nat -s 149.153.9.0/24 -A POSTROUTING -o eth0 -j SNAT --to 149.153.9.1
Not sure if the nat postrouting chain has simple accept as a target. If not, just try to nat it to the same thing that it was.
iptables -t nat -s 149.153.9.241/32 -A POSTROUTING -o eth0 -j SNAT --to 149.153.9.241
It either masquerades or forwards, but not a mix of both, which is what I am trying to do.
I know that iptables traverses tables or chains (I'm not sure of the exact differences yet, or the order in which they are searched), and when it finds a matching rule for a given packet, it stops traversing the chain as there is no need to continue. I tried to re-order the commands so that the forward rule is found before the masquerade rule, but still no luck.
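As an added model of the traversal described above (not code from the thread or from any poster): a small Python simulation of first-match evaluation in the filter FORWARD chain and the nat POSTROUTING chain, using the thread's addresses. It assumes 149.153.9.1 is eth0's own address and uses a constructed second host, 149.153.9.50; it shows why an ACCEPT in FORWARD cannot exempt the host from a subnet-wide MASQUERADE, while an ACCEPT placed first in nat POSTROUTING does.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass
class Rule:
    src: str                  # the -s match, e.g. "149.153.9.0/24"
    target: str               # ACCEPT, SNAT or MASQUERADE
    to: Optional[str] = None  # --to address for SNAT

    def matches(self, src_ip: str) -> bool:
        return ip_address(src_ip) in ip_network(self.src, strict=False)

def first_match(chain: List[Rule], src_ip: str) -> Optional[Rule]:
    """First-match semantics: the first rule whose -s matches ends the chain walk."""
    for rule in chain:
        if rule.matches(src_ip):
            return rule
    return None

def route_packet(forward: List[Rule], postrouting: List[Rule],
                 src_ip: str, egress_ip: str) -> Tuple[str, Optional[str]]:
    """Walk prerouting -> forward -> postrouting for one packet and return
    (verdict, source address as it leaves eth0).  The filter FORWARD chain only
    decides whether the packet passes; the nat POSTROUTING chain is consulted
    separately afterwards, so an ACCEPT in FORWARD never exempts from NAT."""
    fwd = first_match(forward, src_ip)
    if fwd is None or fwd.target != "ACCEPT":
        return ("dropped", None)      # assumes a DROP policy on FORWARD
    nat = first_match(postrouting, src_ip)
    if nat is None or nat.target == "ACCEPT":
        return ("forwarded", src_ip)  # ACCEPT in nat: address left untouched
    if nat.target == "SNAT":
        return ("forwarded", nat.to)
    return ("forwarded", egress_ip)   # MASQUERADE uses eth0's own address

# 149.153.9.1 assumed to be eth0's address; 149.153.9.50 is a constructed host.
HOST, GATEWAY, OTHER = "149.153.9.241", "149.153.9.1", "149.153.9.50"
FORWARD = [Rule(HOST + "/32", "ACCEPT"), Rule("149.153.9.0/24", "ACCEPT")]
# The poster's attempt: FORWARD accepts the host, nat masquerades the whole /24.
OP_POSTROUTING = [Rule("149.153.9.0/24", "MASQUERADE")]
# The thread's suggestion: exempt the host in nat POSTROUTING before the /24 rule.
FIXED_POSTROUTING = [Rule(HOST + "/32", "ACCEPT"),
                     Rule("149.153.9.0/24", "SNAT", GATEWAY)]

if __name__ == "__main__":
    for ip in (HOST, OTHER):
        print(ip, route_packet(FORWARD, OP_POSTROUTING, ip, GATEWAY),
              route_packet(FORWARD, FIXED_POSTROUTING, ip, GATEWAY))
```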
echo 1 > /proc/sys/net/ipv4/ip_forward
you can also add that to your sysctl and it will be active on boot.
But I want to forward packets for one machine in that subnet, so no masquerading for that machine. This is what I'm trying:
iptables -A FORWARD -s 149.153.9.241 -o eth0 -j ACCEPT
But it's not working. I want to forward all packets for the IP instead of masquerading them.
Is iptables ignoring my forward rule because it has an already matching rule in the nat table??
So... any ideas on where I'm going wrong?