Book: Iptables Tutorial 1.2.2
NETMAP target
NETMAP is a new implementation of the SNAT and DNAT targets where the host part of the IP address isn't changed. It provides a 1:1 NAT function for whole networks, which isn't available in the standard SNAT and DNAT functions. For example, let's say we have a network containing 254 hosts using private IP addresses (a /24 network), and we just got a new /24 network of public IPs. Instead of walking around and changing the IP of each and every one of the hosts, we would be able to simply use the NETMAP target like -j NETMAP --to 10.5.6.0/24 and voilà, all the hosts are seen as 10.5.6.x when they leave the firewall. For example, 192.168.0.26 would become 10.5.6.26.
Table 11-11. NETMAP target options
Option | --to |
Example | iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j NETMAP --to 10.5.6.0/24 |
Explanation | This is the only option of the NETMAP target. In the above example, the 192.168.1.x hosts will be directly translated into 10.5.6.x. |
Note: Works under Linux kernel 2.5 and 2.6.
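The mapping described above (network part replaced by the --to network, host part kept), as an added example that is not part of the original tutorial or the netfilter code. It goes slightly beyond the text by also checking whether a rule stays 1:1 when the matched network is wider than the --to network; the function names and sample hosts are constructed for illustration.

```python
import ipaddress

def netmap(addr, to_net):
    """Return addr rewritten into to_net with its host bits kept."""
    ip = ipaddress.IPv4Address(addr)
    net = ipaddress.IPv4Network(to_net)  # raises ValueError if host bits are set
    host_bits = int(ip) & int(net.hostmask)
    return str(ipaddress.IPv4Address(int(net.network_address) | host_bits))

def is_one_to_one(match_net, to_net):
    """True if every address in match_net gets a distinct mapped address."""
    src = ipaddress.IPv4Network(match_net)
    dst = ipaddress.IPv4Network(to_net)
    # Only the host bits of the --to network survive the rewrite, so a matched
    # network wider than the --to network folds several hosts onto one address.
    return src.prefixlen >= dst.prefixlen

def collisions(hosts, to_net):
    """Group hosts by mapped address; return only groups that collide."""
    mapped = {}
    for host in hosts:
        mapped.setdefault(netmap(host, to_net), []).append(host)
    return {new: olds for new, olds in mapped.items() if len(olds) > 1}

if __name__ == "__main__":
    # Constructed sample hosts, not taken from any real network.
    print(netmap("192.168.0.26", "10.5.6.0/24"))
    print(is_one_to_one("192.168.1.0/24", "10.5.6.0/24"))
    print(is_one_to_one("192.168.0.0/23", "10.5.6.0/24"))
    sample = ["192.168.0.26", "192.168.1.26", "192.168.1.27"]
    print(collisions(sample, "10.5.6.0/24"))
```

Running the check against the -s and --to networks of a rule before loading it shows whether two internal hosts would end up sharing one translated address.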