SNAT rule question
Laurent CARON
Mon Aug 28 22:41:26 CEST 2006
Evan Rabeck wrote:
> Hi,
>
> I have multiple external addresses on my public interface. If I list
> them all in zone.ext under IP_EXTRA my SNAT rules for my internal
> zones fail with the following message when I try to start fiaif:
>
> iptables v1.3.5: Multiple --to-source not supported
> Try `iptables -h' or 'iptables --help' for more information.
> Error: iptables -t nat -A SNAT_WLAN_0 -d aa.bb.cc.xx -j SNAT --to-
> source aa.bb.cc.yy --to-source aa.bb.cc.zz --to-source aa.bb.cc.xx
>
> What will fiaif do wrong if it doesn't know all of the addresses?
>
> This worked in my earlier kernel/iptables/fiaif configuration. Is
> there a workaround now? I would especially like to be able to have
> different NAT addresses for each internal zone.

Instead of SNAT[0]="EXT ALL......"
use SNAT[0]="EXT_IP1 ALL....."
with proper routing rules, of course.

Laurent
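
The following is an added example, not part of the original messages and not fiaif's generated rules: it emits one plain iptables SNAT rule per internal zone, each with a single `--to-source`, and lints rule strings for the multiple `--to-source` form that iptables v1.3.5 rejected above. The zone names, subnets, public addresses (documentation ranges) and the `eth0` interface name are constructed assumptions.

```shell
#!/bin/sh
# Constructed zone map: zone name, internal subnet, public address to SNAT to.
# All values are assumptions for illustration; EXT_IF is an assumed interface.
EXT_IF="eth0"
ZONE_MAP="LAN 10.0.1.0/24 192.0.2.10
WLAN 10.0.2.0/24 192.0.2.11"

# Print one SNAT rule per zone, each with exactly one --to-source.
# The rules are only printed, never executed, so no root is needed.
snat_rules() {
    printf '%s\n' "$ZONE_MAP" | while read -r zone subnet addr; do
        [ -n "$zone" ] || continue
        printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
            "$subnet" "$EXT_IF" "$addr"
    done
}

# Count the --to-source options in one rule string.
count_to_source() {
    printf '%s\n' "$1" | grep -o -e '--to-source' | wc -l | tr -d ' '
}

# Read rules on stdin; return 0 only if every rule has a single --to-source.
lint_rules() {
    failed=0
    while IFS= read -r rule; do
        if [ "$(count_to_source "$rule")" -ne 1 ]; then
            echo "reject (needs exactly one --to-source): $rule" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Show the per-zone rules only if they all pass the lint.
if snat_rules | lint_rules; then
    snat_rules
fi
```

Each zone's traffic leaves with its own public address, so return routing for every address listed in the map has to reach this host.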