Thursday, December 13, 2007

specify a range of IP addresses or ports using iptables

To specify a range of IP addresses or ports, use a dash. When using IP addresses and ports in conjunction, use a colon to separate. For example:


IP-IP:Port-Port


IP address ranges are only valid in the nat table, using the options --to-source and --to-destination. When a range is given, a simple round-robin (one address after another, in a cycle) takes place between these addresses.

For example, when using NAT you can map to a range of possible IP addresses with:


# iptables -t nat -A POSTROUTING -j SNAT --to-source 1.2.3.45-1.2.3.55


and you can map to a range of possible ports (a port range is only accepted when the rule also carries a protocol match, -p tcp or -p udp) with:


# iptables -t nat -A POSTROUTING -p tcp -j SNAT --to-source 1.2.3.45:1234-1334
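To make the IP-IP:Port-Port syntax concrete, here is an added example (my own code, not from the original post or from the iptables project): a small Python parser that validates a --to-source/--to-destination argument, expands the address pool, flags when the rule will need a -p tcp/-p udp match, and simulates the round-robin the post describes. Function and class names are my own.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Shape of the argument: IP[-IP][:Port[-Port]]
# A dash marks a range; a colon separates the address part from the port part.
_SPEC = re.compile(
    r"^(?P<ip1>\d{1,3}(?:\.\d{1,3}){3})(?:-(?P<ip2>\d{1,3}(?:\.\d{1,3}){3}))?"
    r"(?::(?P<p1>\d{1,5})(?:-(?P<p2>\d{1,5}))?)?$"
)


@dataclass(frozen=True)
class NatRange:
    first_ip: ipaddress.IPv4Address
    last_ip: ipaddress.IPv4Address
    first_port: Optional[int]   # None when no port part was given
    last_port: Optional[int]


def parse_nat_range(spec: str) -> NatRange:
    """Parse and validate a --to-source / --to-destination value."""
    m = _SPEC.match(spec)
    if not m:
        raise ValueError(f"malformed range spec: {spec!r}")
    first_ip = ipaddress.IPv4Address(m["ip1"])          # raises on e.g. 300.1.1.1
    last_ip = ipaddress.IPv4Address(m["ip2"] or m["ip1"])
    if last_ip < first_ip:
        raise ValueError("IP range end precedes its start")
    first_port = int(m["p1"]) if m["p1"] else None
    last_port = int(m["p2"]) if m["p2"] else first_port
    if first_port is not None and not (1 <= first_port <= last_port <= 65535):
        raise ValueError("port range out of order or outside 1-65535")
    return NatRange(first_ip, last_ip, first_port, last_port)


def addresses(r: NatRange) -> List[str]:
    """Expand the address pool the NAT target may choose from."""
    return [str(ipaddress.IPv4Address(n))
            for n in range(int(r.first_ip), int(r.last_ip) + 1)]


def needs_protocol_match(r: NatRange) -> bool:
    """A port part is only valid alongside -p tcp or -p udp in the rule."""
    return r.first_port is not None


def round_robin(r: NatRange, count: int) -> List[str]:
    """Simulate the cycle through the pool as described in the post."""
    pool = addresses(r)
    return [pool[i % len(pool)] for i in range(count)]
```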
