NAT: 1-1 mapping from 192.168.x.x to 10.168.x.x ?

Discussion in 'Linux Networking' started by Stefano Masini, Aug 31, 2004.

  1. Hi,

    I have a machine on a 192.168.x.x network that I would like to
    configure in such a way that it believes it is in 10.168.x.x.

    In other words, if a packet comes in from, say,, I would
    like it to be mangled as it was coming from

    In the same way, I would like outgoing packets for 10.168.x.x to be
    mapped to 192.168.x.x.

    I read the iptables manual and found out about DNAT and SNAT, but it
    seems what they do at most is mangle addresses into a pool of
    addresses, in a round robin fashion. I don't need round robin. I need
    a 1-1 mapping.

    Does anybody know if this is doable?

    Stefano Masini, Aug 31, 2004
  2. Specify a netmask on the --to address. The example in the netfilter HOWTO:

    # iptables -t nat -A POSTROUTING -s -o eth1 \
    -j SNAT --to

    The example does SNAT based on outgoing source address, whereas you
    probably want to do SNAT based on incoming source address and DNAT based
    on incoming destination address (separate rules) in PREROUTING for
    different interfaces.
    Allen Kistler, Sep 1, 2004
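
The 1-1 mapping asked about in this thread can be written with the iptables NETMAP target, which keeps the host bits of each address and swaps only the network prefix. This is an added example, not code from either poster. The /16 networks are an assumption read from the thread's 192.168.x.x and 10.168.x.x, the function names are hypothetical, and the second rule needs a kernel that provides an INPUT chain in the nat table.

```shell
#!/bin/sh
# Added example: print nat-table rules for a 1:1 prefix mapping on the host
# itself. Default networks are assumptions (the thread's ranges read as /16).

# prefix_len CIDR -> prints the prefix length; fails on malformed input
prefix_len() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    len=${1#*/}
    case "$len" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$len" -ge 0 ] && [ "$len" -le 32 ] || return 1
    printf '%s\n' "$len"
}

# netmap_rules REAL_NET VIRT_NET -> prints the two rules, applies nothing
netmap_rules() {
    real=${1:-192.168.0.0/16}
    virt=${2:-10.168.0.0/16}
    rl=$(prefix_len "$real") || { echo "bad network: $real" >&2; return 2; }
    vl=$(prefix_len "$virt") || { echo "bad network: $virt" >&2; return 2; }
    # A 1:1 mapping only exists when both sides have the same number of
    # host bits; otherwise addresses would collide or fall outside the range.
    if [ "$rl" -ne "$vl" ]; then
        echo "prefix lengths differ: /$rl vs /$vl" >&2
        return 3
    fi
    # Locally generated packets sent to the virtual net: rewrite destination.
    # Replies are translated back by connection tracking.
    echo "iptables -t nat -A OUTPUT -d $virt -j NETMAP --to $real"
    # New connections arriving from the real net: rewrite source.
    echo "iptables -t nat -A INPUT -s $real -j NETMAP --to $virt"
}

# "--print [REAL_NET VIRT_NET]" shows the rules for review before use.
if [ "${1:-}" = "--print" ]; then
    netmap_rules "${2:-}" "${3:-}"
fi
```

Review the printed rules, then run them as root; `iptables -t nat -L -n -v` shows the per-rule packet counters once traffic flows.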
