Commit 01fe8166 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

SNATRule: prevent MASQUERADE target in INPUT chain

parent 2af9ceba
......@@ -79,5 +79,12 @@ function SNATRule:init(...)
}
end
function SNATRule:trulefilter(rule)
if rule.chain == 'INPUT' and rule.target == 'MASQUERADE' then
self:error('Must specify translation address for inbound traffic')
end
return SNATRule.super(self):trulefilter(rule)
end
return {export={dnat={class=DNATRule}, snat={class=SNATRule}}}
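Review bot: The guard in `SNATRule:trulefilter` matches the chain by the literal name `'INPUT'`, but the dedicated-chains expected output on this page shows the same rule landing in `awall-INPUT`, so it is worth confirming that `trulefilter` runs before the `awall-` prefix is applied; if it runs after, the MASQUERADE check is skipped whenever `awall_dedicated_chains` is true. The updated fixtures only cover the accepted case (`"to-addr": "10.1.2.3"`), so nothing visible here exercises the `self:error` path; a policy with `"out": "_fw"` and no `to-addr` that is expected to fail would pin it. A one-line comment above the `if` would also record the reason, e.g. `-- MASQUERADE is only accepted in nat/POSTROUTING; inbound SNAT needs an explicit to-addr`. `SNATRule:init` starts outside the hunk; `trulefilter` is complete within it.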
......@@ -30,5 +30,8 @@
{ "in": "B" },
{ "out": "_fw" }
],
"snat": [ { "out": [ "_fw", "B" ] } ]
"snat": [
{ "out": "A" },
{ "out": [ "_fw", "B" ], "to-addr": "10.1.2.3" }
]
}
......@@ -8360,10 +8360,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/INPUT -j MASQUERADE
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/INPUT -j SNAT --to-source 10.1.2.3
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Variable awall_dedicated_chains false
......@@ -12636,9 +12640,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -4241,9 +4241,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -657,10 +657,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/INPUT -j MASQUERADE
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/INPUT -j SNAT --to-source 10.1.2.3
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Variable awall_dedicated_chains false
......@@ -893,9 +897,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth4 -j NETMAP --to 10.1.0.0/12
-A PREROUTING -i eth5 -j NETMAP --to 10.1.0.0/12
......
......@@ -201,9 +201,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth4 -j NETMAP --to 10.1.0.0/12
-A PREROUTING -i eth5 -j NETMAP --to 10.1.0.0/12
......
......@@ -638,10 +638,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/awall-INPUT -j MASQUERADE
inet/nat/awall-POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/awall-POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/awall-INPUT -j SNAT --to-source 10.1.2.3
inet/nat/awall-POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Variable awall_dedicated_chains true
......@@ -892,9 +896,10 @@ COMMIT
-A OUTPUT -j awall-OUTPUT
-A POSTROUTING -j awall-POSTROUTING
-A PREROUTING -j awall-PREROUTING
-A awall-INPUT -j MASQUERADE
-A awall-INPUT -j SNAT --to-source 10.1.2.3
-A awall-OUTPUT -j REDIRECT
-A awall-POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A awall-POSTROUTING -o eth0 -j MASQUERADE
-A awall-POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A awall-POSTROUTING -m set --match-set awall-masquerade src -j awall-masquerade
-A awall-PREROUTING -i eth0 -j REDIRECT
-A awall-PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -219,9 +219,10 @@ COMMIT
-A OUTPUT -j awall-OUTPUT
-A POSTROUTING -j awall-POSTROUTING
-A PREROUTING -j awall-PREROUTING
-A awall-INPUT -j MASQUERADE
-A awall-INPUT -j SNAT --to-source 10.1.2.3
-A awall-OUTPUT -j REDIRECT
-A awall-POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A awall-POSTROUTING -o eth0 -j MASQUERADE
-A awall-POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A awall-POSTROUTING -m set --match-set awall-masquerade src -j awall-masquerade
-A awall-PREROUTING -i eth0 -j REDIRECT
-A awall-PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -650,10 +650,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/INPUT -j MASQUERADE
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/INPUT -j SNAT --to-source 10.1.2.3
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Variable awall_dedicated_chains false
......@@ -884,9 +888,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -p tcp --dport 25 -d 192.168.0.1 -j DNAT --to-destination 10.0.0.1
-A PREROUTING -i eth0 -p tcp --dport 80 -d 192.168.0.2 -j DNAT --to-destination 10.0.0.2:8080
......
......@@ -199,9 +199,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -p tcp --dport 25 -d 192.168.0.1 -j DNAT --to-destination 10.0.0.1
-A PREROUTING -i eth0 -p tcp --dport 80 -d 192.168.0.2 -j DNAT --to-destination 10.0.0.2:8080
......
......@@ -59788,10 +59788,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/INPUT -j MASQUERADE
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/INPUT -j SNAT --to-source 10.1.2.3
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Variable awall_dedicated_chains false
......@@ -90128,9 +90132,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......@@ -30305,9 +30305,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......@@ -708,10 +708,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/INPUT -j MASQUERADE
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/INPUT -j SNAT --to-source 10.1.2.3
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Variable awall_dedicated_chains false
......@@ -968,9 +972,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -225,9 +225,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -655,10 +655,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/INPUT -j MASQUERADE
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/INPUT -j SNAT --to-source 10.1.2.3
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Variable awall_dedicated_chains false
......@@ -896,9 +900,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -200,9 +200,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -704,10 +704,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/INPUT -j MASQUERADE
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/INPUT -j SNAT --to-source 10.1.2.3
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Variable awall_dedicated_chains false
......@@ -958,9 +962,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -219,9 +219,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -650,10 +650,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/INPUT -j MASQUERADE
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/INPUT -j SNAT --to-source 10.1.2.3
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Variable awall_dedicated_chains false
......@@ -886,9 +890,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -201,9 +201,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -638,10 +638,14 @@ Service zabbix-trapper {"port":10051,"proto":"tcp"}
(services)
Snat 1 {"out":["_fw","B"]}
Snat 1 {"out":"A"}
(zone)
inet/nat/INPUT -j MASQUERADE
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
inet/nat/POSTROUTING -o eth0 -j MASQUERADE
Snat 2 {"out":["_fw","B"],"to-addr":"10.1.2.3"}
(zone)
inet/nat/INPUT -j SNAT --to-source 10.1.2.3
inet/nat/POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
Tproxy 1 {"in":"B","service":"http"}
......@@ -879,9 +883,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......
......@@ -200,9 +200,10 @@ COMMIT
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:masquerade - [0:0]
-A INPUT -j MASQUERADE
-A INPUT -j SNAT --to-source 10.1.2.3
-A OUTPUT -j REDIRECT
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -d 10.0.0.0/12 -j SNAT --to-source 10.1.2.3
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
......