I have a bunch of IPTables entries which I'm trying to convert to Cisco-style NATs or ACLs. I've got some of them sorted, but have some examples which I don't fully understand:
Quote:
    -A POSTROUTING -s 10.11.12.41/32 -d ! 10.11.0.0/16 -j SNAT --to-source a.b.c.d
where 10.11.12.41/32 and 10.11.0.0/16 are RFC1918 addresses inside and a.b.c.d is the global address. Does this mean that anything with a source address of 10.11.12.41 and a destination in the range 10.11.0.0/16 should be NATted on exit to have a destination address of a.b.c.d, or something else?
Quote:
    -A PREROUTING -d c.e.f.g/32 -p tcp -m tcp --dport 4443 -m comment --comment "comment sanitised" -j DNAT --to-destination 10.5.11.1111:443
I think this is a static NAT command that states any packet received on the outside interface with a destination IP address of c.e.f.g:4443 is translated to 10.5.11.111:4443 and sent from the inside interface, and could be replaced by the Cisco NAT command
Quote:
    ip nat inside source static tcp 10.5.11.111 4443 c.e.f.g 4443
and finally:
Quote:
    -A PREROUTING -s ! a.b.125.234/32 -d a.b.124.144/32 -p tcp -m tcp --dport 8880 -j DROP
Drop traffic with source a.b.25.34 and destination a.b.24.44/32 to destination port 8880.
Obviously, all addresses are sanitised and anonymised.
Any clarification or suggestions welcome; I've googled till my fingers bleed, but I'm not happy that I fully understand it.
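As an added example (not from the original post), a small Python parser that reads iptables-save style rules like the ones above, spells out what each one matches and rewrites with the `!` negation made explicit, and emits the IOS static port-NAT line for a single-host tcp/udp DNAT. The sample rules used with it are constructed with RFC 5737 documentation addresses, because ipaddress.ip_network() rejects placeholder strings such as a.b.c.d.

```python
import ipaddress
import shlex

def parse_rule(rule):
    """Parse one iptables rule into a dict. Accepts both the legacy negation
    form in the question ('-d ! net') and the form newer iptables prints
    ('! -d net'); both mean "NOT in net"."""
    toks = shlex.split(rule)            # keeps a "quoted comment" as one token
    r = dict(src=None, src_neg=False, dst=None, dst_neg=False, proto=None, dport=None, target=None, to=None)
    i = 0
    while i < len(toks):
        t, neg = toks[i], False
        if t == "!":                    # new style: '! -d 10.11.0.0/16'
            neg, i, t = True, i + 1, toks[i + 1]
        if t in ("-s", "-d"):
            val = toks[i + 1]
            if val == "!":              # legacy style: '-d ! 10.11.0.0/16'
                neg, val, i = True, toks[i + 2], i + 1
            key = "src" if t == "-s" else "dst"
            r[key], r[key + "_neg"] = ipaddress.ip_network(val, strict=False), neg
            i += 2
        elif t in ("-p", "-j", "--to-source", "--to-destination", "--dport"):
            k = {"-p": "proto", "-j": "target", "--dport": "dport"}.get(t, "to")
            r[k] = int(toks[i + 1]) if t == "--dport" else toks[i + 1]
            i += 2
        else:
            i += 1                      # -A, chain name, -m, --comment text ...
    return r

def describe(r):
    """Plain-English reading of the rule; negation and NAT direction are explicit."""
    def side(name, net, neg):
        return f"any {name}" if net is None else f"{name} {'NOT in ' if neg else ''}{net}"
    what = side("source", r["src"], r["src_neg"]) + ", " + side("destination", r["dst"], r["dst_neg"])
    if r["dport"]:
        what += f", {r['proto']} dport {r['dport']}"
    if r["target"] in ("SNAT", "DNAT"):   # SNAT rewrites only the source, DNAT only the destination
        return f"{what}: rewrite {'source' if r['target'] == 'SNAT' else 'destination'} to {r['to']}"
    return f"{what}: {r['target']}"

def cisco_static_nat(r):
    """IOS static port NAT for a single-host tcp/udp DNAT; None when not applicable."""
    if r["target"] != "DNAT" or r["dst"] is None or r["dst"].num_addresses != 1 or not r["dport"]:
        return None
    inside, _, inside_port = r["to"].partition(":")
    inside_port = inside_port or r["dport"]   # no ':port' in --to-destination keeps the original port
    return (f"ip nat inside source static {r['proto']} {inside} {inside_port} "
            f"{r['dst'].network_address} {r['dport']}")
```

A SNAT with a negated destination gets a description but no NAT line, since on IOS that conditional translation needs a route-map or ACL rather than a single static entry.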