LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-28-2006, 11:45 AM   #1
swapna_gg83
LQ Newbie
 
Registered: Mar 2006
Posts: 9

Rep: Reputation: 0
need info on mangle


Could anybody tell me or point me to some tutorials on what exactly the mangle table of iptables can do and how to use the mangle table?

What I actualy need is this:
(NETMAP) a 1:1 NAT function for whole networks.For example,for a a network containing 254 hosts using private IP addresses (a /24 network), and we just got a new /24 network of public IP's. Instead of walking around and changing the IP of each and every one of the hosts, useing the NETMAP target like -j NETMAP -to 10.5.6.0/24 , all the hosts are seen as 10.5.6.x when they leave the firewall. For example, 192.168.0.26 would become 10.5.6.26.

This (and above)i found in the iptables tutorial.
Eg. iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -j NETMAP --to 10.5.6.0/24

I come across mangle here and want to know about it!
 
Old 04-28-2006, 12:25 PM   #2
J_K9
Member
 
Registered: Nov 2004
Distribution: Slackware 11, Ubuntu 6.06 LTS
Posts: 700

Rep: Reputation: 30
Hi,

I haven't been able to find out much about it.. But there is some information on NETMAP here. There is also more information on the mangle table in there.

If that isn't too much help, then consider taking a look at one of the tutorials here - hopefully one of them will be of use!

Cheers,

-jk

Last edited by J_K9; 04-28-2006 at 12:31 PM.
 
Old 04-28-2006, 12:27 PM   #3
DaveG
Member
 
Registered: Nov 2001
Location: London, UK
Distribution: Fedora
Posts: 161

Rep: Reputation: 43
The NETMAP target is only available in the nat table, just change the "-t mangle" to "-t nat". See http://www.netfilter.org/projects/pa...om-base-NETMAP

The mangle table is generally for "specialised packet alteration", usually associated with routing and connection tracking.

For technical info, try http://www.netfilter.org/documentation/index.html

One observation, remapping to public IP addresses may expose all 254 hosts to external attack, 24/7. MASQUERADE or SNAT helps to keep the script kiddies out and saves on valuable IP addresses, you never know when you'll need a spare one.
 
Old 05-03-2006, 01:34 AM   #4
swapna_gg83
LQ Newbie
 
Registered: Mar 2006
Posts: 9

Original Poster
Rep: Reputation: 0
i already had looked into those tutorials , i will try both mangle and nat table, i feel nat is more pertinent. anyways.. tnx so much for ur inputs
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables mangle problem posixjunkie Linux - Networking 1 04-25-2006 11:17 AM
info problem "info: dir: No such file or directory" EAD Linux - Software 0 03-22-2006 03:16 PM
LXer: Spam Filters Mangle Christmas Cards LXer Syndicated Linux News 0 12-09-2005 09:46 PM
Convert an info file(bash.info.gz) to a single html file Darwish Linux - Software 2 09-24-2005 07:51 AM
Filtering in iptables mangle? MarleyGPN Linux - Networking 1 07-08-2005 02:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration