Source natting occurs in the POSTROUTING chain (the source nat occurs
after the routing decisions have been made for the packet; destination
nats, however, occur before routing decisions are made). You are currently
using PREROUTING with "-j SNAT"; iptables will exit with an error as a
result.

On Wed, 2004-09-22 at 23:58 -0400, Ryan Johnson wrote:
> Hey everyone,
>
> OK, not sure if this is more appropriate on the netfilter mailing list,
> but here it goes.
>
> This is a weird setup that is out of my company's control. We have a
> webserver setup which will be contacted by several clients with
> different ip. All of these client ip must be translated to the same ip.
> The problem is this all has to happen on the same box. So before the
> packet reaches the apache webserver daemon, can the kernel running on
> the webserver translate the source address?
>
> I have tried iproute2 and iptables with no luck. Looked at netfilter
> patch-o-matic-ng and did not see anything that would help me. Is this
> even possible?
>
> I would need something like this
> iptables -A PREROUTING -i ethX -s $CLIENTIP -d $WEBSERVER -j SNAT --to $NEWCLIENTIP
>
> but the SNAT is not supported in PREROUTING.
>
> Any ideas? I am not familiar with iproute2 so if there is a solution could
> you post the commands.
>
> Thank you in advance,
>
> Ryan
>
--
Corey Rogers
Senior System Administrator
Wamco Technology Group Ltd (Barbados)
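
The placement rule from the reply above (source NAT after routing, destination NAT before routing), written as a check over iptables rule text. This is an added example, not part of the original thread; the names `check_nat_rule` and `lint_samples`, the sample addresses, and the inclusion of MASQUERADE and REDIRECT alongside SNAT and DNAT are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original thread): lint iptables rule text for
# NAT targets placed on the wrong side of the routing decision.
#   source NAT      (SNAT, MASQUERADE) -> after routing  -> POSTROUTING
#   destination NAT (DNAT, REDIRECT)   -> before routing -> PREROUTING

# check_nat_rule "<iptables arguments>"
# Prints a one-line verdict; exit status 0 = ok, 1 = misplaced, 2 = not parsed.
# The body is a subshell so that set -f and the variables stay local.
check_nat_rule() (
    chain="" target=""
    set -f            # no globbing while the rule text is word-split
    set -- $1         # intentional word splitting; sample rules have no quoting
    while [ $# -ge 2 ]; do
        case "$1" in
            -A|-I|--append|--insert) chain=$2 ;;
            -j|--jump)               target=$2 ;;
        esac
        shift
    done
    if [ -z "$chain" ] || [ -z "$target" ]; then
        echo "unparsed: need -A/-I <chain> and -j <target>"
        exit 2
    fi
    case "$target:$chain" in
        SNAT:PREROUTING|MASQUERADE:PREROUTING)
            echo "misplaced: $target rewrites the source after routing, use POSTROUTING"
            exit 1 ;;
        DNAT:POSTROUTING|REDIRECT:POSTROUTING)
            echo "misplaced: $target rewrites the destination before routing, use PREROUTING"
            exit 1 ;;
    esac
    echo "ok: $target in $chain"
)

# Constructed sample rules; 192.0.2.0/24 and 198.51.100.0/24 are documentation
# ranges. The first line has the shape of the rule quoted in the thread.
lint_samples() {
    while IFS= read -r rule; do
        printf '%-10s %s\n' "$(check_nat_rule "$rule" | cut -d: -f1)" "$rule"
    done <<'EOF'
-A PREROUTING -i eth0 -s 198.51.100.7 -d 192.0.2.10 -j SNAT --to 192.0.2.99
-t nat -A POSTROUTING -o eth0 -s 198.51.100.7 -j SNAT --to-source 192.0.2.99
-t nat -A PREROUTING -i eth0 -d 192.0.2.10 -p tcp --dport 80 -j DNAT --to-destination 192.0.2.20
EOF
}

lint_samples
```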