Re: [Users] Bypassing NAT for specific clients

From: Paul Wouters (paul_at_xtdnet.nl)
Date: Thu Aug 08 2002 - 11:02:05 CEST

• Next message: Paul Wouters: "Re: [Users] Bypassing NAT for specific clients"
• Previous message: Igmar Palsenberg: "Re: [Users] AES-patches on production servers"
• In reply to: Ian Brown: "Re: [Users] Bypassing NAT for specific clients"
• Next in thread: Stephen J. Bevan: "[Users] Bypassing NAT for specific clients"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Wed, 7 Aug 2002, Ian Brown wrote:

> Um.. if you want to exclude something wouldn't you use -j DROP
> instead of -j ACCEPT? Also you don't need the /32 for single ip
> addresses.
>
> so
>
> iptables -t nat -I POSTROUTING -s xxx.yyy.5.200 -o eth0 -j DROP

It depends on your goal. In this case, the goal was to still forward the
packet, but just not NAT it. Perhaps -j ACCEPT works as well instead of
-j RETURN. I guess the only difference is that the latter one gets
decided based on the chain policy, while the first overrides the policy.

Paul

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Paul Wouters: "Re: [Users] Bypassing NAT for specific clients"
• Previous message: Igmar Palsenberg: "Re: [Users] AES-patches on production servers"
• In reply to: Ian Brown: "Re: [Users] Bypassing NAT for specific clients"
• Next in thread: Stephen J. Bevan: "[Users] Bypassing NAT for specific clients"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Aug 08 2002 - 15:19:33 CEST