-----Original Message-----
From: Frederik Rousseau [mailto:fred@cmelectronics.be]
Sent: Thursday, August 07, 2003 10:22 AM
To: Matthew Kopishke; debian-firewall@lists.debian.org
Subject: Re: NATing a range of IPs
Is it possible to NAT a range of IPs? Like for example:
iptables -t nat -A PREROUTING -p tcp -s <range of IPs> --dport 80 -j REDIRECT --to-port 13001
As you can see what I would like to do is redirect port 80 from the
range of IPs (in this case 65.18.71.1 - 65.18.71.240) to port 13001.
It works great if I try one IP, or the whole block, I'm just unsure of
how you represent a range? I see references to an IP range in the man
pages, but no examples.

iptables is using a netmask to define an IP range.
Examples:
1) iptables -t nat -A PREROUTING -p tcp -s 10.20.1.0/24 --dport 80 -j REDIRECT --to-port 13001
gives you all the IPs from 10.20.1.1 to 10.20.1.254
2) iptables -t nat -A PREROUTING -p tcp -s 10.103.1.128/25 --dport 80 -j REDIRECT --to-port 13001
gives you all the IPs from 10.103.1.129 to 10.103.1.254
On http://jodies.de/ipcalc you find a nice tool to define the netmasks
for the right IP ranges.
Regards,
Fred