Re: NATing a range of IPs

To: Matthew Kopishke <matt@kopishke.org>, debian-firewall@lists.debian.org
Subject: Re: NATing a range of IPs
From: Frederik Rousseau <fred@cmelectronics.be>
Date: Thu, 7 Aug 2003 09:21:53 +0200
Message-id: <[🔎] 200308070921.54113.fred@cmelectronics.be>
Reply-to: fred@cmelectronics.be
In-reply-to: <[🔎] BA91AB28-C840-11D7-8E26-0003938BA5DE@kopishke.org>
References: <[🔎] BA91AB28-C840-11D7-8E26-0003938BA5DE@kopishke.org>

> Is it possible to NAT a range of IPs?  Like for example:
>
> iptables -t nat -A PREROUTING -p tcp -s <range of IPs>  --dport 80 -j
> REDIRECT --to-port 13001
>
> As you can see what I would like to do is redirect port 80 from the
> range of IPs (in this case 65.18.71.1 - 65.18.71.240) to port 13001.
> It works great is I try one IP, or the whole block, I'm just unsure of
> how you represent a range?  I see references to a IP range in the man
> pages, but no examples.

iptables is using a netmask to define an IP range.
Exsamples: 

1) iptables -t nat -A PREROUTING -p tcp -s 10.20.1.0/24  --dport 80 -j 
REDIRECT --to-port 13001

gives you all the IPs from 10.20.1.1 to 10.20.1.254

2) iptables -t nat -A PREROUTING -p tcp -s 10.103.1.128/25  --dport 80 -j 
REDIRECT --to-port 13001

gives you all the IPs from 10.103.1.129 to 10.103.1.254


On http://jodies.de/ipcalc you find a nice tool to define the netmasks for the 
right IP ranges.

Regards,
Fred

Reply to:

Follow-Ups:
- Re: NATing a range of IPs
  - From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>

References:
- NATing a range of IPs
  - From: Matthew Kopishke <matt@kopishke.org>

Prev by Date: NATing a range of IPs
Next by Date: RE: NATing a range of IPs
Previous by thread: NATing a range of IPs
Next by thread: Re: NATing a range of IPs
Index(es):
- Date
- Thread