[wellylug] firewall prerouting issue

Enkidu enkidu at cliffp.com
Fri Aug 27 18:00:53 NZST 2004


On Fri, 27 Aug 2004 17:36:05 +1200, you wrote:

>Hi,
>
>I've got a little issue doing some prerouting, I hope someone knows something 
>about and may be able to suggest a way to do this.  
>
>I am trying to add a pre routing rule into my firewall, to preroute based on 
>the source IP address range.. I.e.
>
>-A PREROUTING -s 222.152.0.0/222.152.255.255 -d 203.79.92.197 -i eth1 -p tcp 
>-m tcp --dport 21 -j DNAT --to-destination 192.168.0.100:21
>
>However, this does not seem to work, but, if I use a specific IP address, i.e. 
>-A PREROUTING -s 222.152.3.2 -d 203.79.92.197 -i eth1 -p tcp -m tcp --dport 21 
>-j DNAT --to-destination 192.168.0.100:21
>
Off the top of my head, isn't that a *netmask*? ie
222.152.0.0/255.255.255.0 would give you the range that you want.

Cheers,

Cliff




More information about the wellylug mailing list