LARTC - Sep 2006 - (simple?) iptables question

Hi,

I have a router that should do routing between 2 networks for a network
*except* if the destination is a private network *and* the source is a
specific machine, in which case it has to NAT.

I thought that this would do the trick:

....
iptables -A POSTROUTING -s 10.20.1.0/24 -d 192.168.0.0/16 -j RETURN
iptables -A POSTROUTING -s 10.20.1.1   -o eth1 -j SNAT --to-source 172.16.0.1
....

But this does not seem to work: there is never any NAT: the packets are
just routed and not NAT-ed if I ping to a non 192.168.0.0/24 address.

How can I achieve what I want???

TIA

-- 
Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
web: www.askesis.nl

On Thu, 2006-09-21 at 08:10 +0200, Joost Kraaijeveld
wrote:
> I thought that this would do the trick:
> 
> ....
> iptables -A POSTROUTING -s 10.20.1.0/24 -d 192.168.0.0/16 -j RETURN
> iptables -A POSTROUTING -s 10.20.1.1   -o eth1 -j SNAT --to-source
172.16.0.1
I forgot the -t nat in the commands above.

-- 
Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
web: www.askesis.nl