I am unable to use the SAME target under iptables. Can someone help please?

iptables v1.4.21 Kernel: 3.16.7

```
iptables -t nat -A POSTROUTING -o eth0 -j SAME --to 1.2.3.4-1.2.3.7
iptables: No chain/target/match by that name.
```

John
  • Have you created a chain by the name _SAME_? What's the output of `iptables-save`? – Yoel Jul 30 '15 at 08:23
  • It is not a chain but a target – kaviraj Jul 30 '15 at 09:49
  • Are you copying this rule from another computer? – Yoel Jul 30 '15 at 13:08
  • No, it is a new rule. I think that the module ipt_SAME is not available with kernel 3. Has anyone tried to use SAME as a target? My objective is: if IP A.A.A.A goes to B.B.B.B it is natted with IP X.X.X.X, then if A.A.A.A re-establishes a session with B.B.B.B it is natted with the same IP X.X.X.X. According to my research the module ipt_same does that: SAME (IPv4-specific) Similar to SNAT/DNAT depending on chain: it takes a range of addresses (`--to 1.2.3.4-1.2.3.7`) and gives a client the same source-/destination-address for each connection. – kaviraj Jul 30 '15 at 14:17

1 Answer

According to iptables-extensions's man page, the SAME target was superseded by the --persistent flag of the DNAT target:

--persistent

Gives a client the same source-/destination-address for each connection. This supersedes the SAME target. Support for persistent mappings is available from 2.6.29-rc2.

Yoel
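As an added example (not part of the original question or answer), the helper below rewrites a legacy `-j SAME --to <range>` rule into its `--persistent` equivalent and only prints the result, so the rule can be reviewed before it is loaded. The function name `same_to_persistent` is hypothetical, and it assumes SAME maps to SNAT in POSTROUTING and DNAT in PREROUTING; iptables-extensions documents `--persistent` for SNAT as well as DNAT.

```shell
#!/bin/sh
# Added example: translate "-j SAME --to <range>" into SNAT/DNAT --persistent.
# Nothing is applied to the firewall; the rewritten arguments are printed.

# same_to_persistent <iptables arguments...>   (hypothetical helper name)
# Returns 1 if the rule is not a SAME rule in POSTROUTING or PREROUTING.
same_to_persistent() {
    chain="" target="" opt=""
    # First pass: find the chain, which decides the replacement target.
    prev=""
    for arg in "$@"; do
        case "$prev" in
            -A|-I|--append|--insert) chain=$arg ;;
        esac
        prev=$arg
    done
    case "$chain" in
        POSTROUTING) target=SNAT opt=--to-source ;;
        PREROUTING)  target=DNAT opt=--to-destination ;;
        *) echo "unsupported chain: ${chain:-none}" >&2; return 1 ;;
    esac
    # Second pass: swap the target and its --to option, keep the rest as-is.
    out="" prev="" seen=0
    for arg in "$@"; do
        if [ "$prev" = "-j" ] || [ "$prev" = "--jump" ]; then
            [ "$arg" = "SAME" ] || { echo "not a SAME rule" >&2; return 1; }
            arg=$target seen=1
        elif [ "$arg" = "--to" ]; then
            arg=$opt
        fi
        out="${out:+$out }$arg"
        prev=$arg
    done
    [ "$seen" -eq 1 ] || { echo "no -j SAME found" >&2; return 1; }
    printf '%s --persistent\n' "$out"
}

# The rule from the question, rewritten:
echo "iptables $(same_to_persistent -t nat -A POSTROUTING -o eth0 -j SAME --to 1.2.3.4-1.2.3.7)"
```

After loading the rewritten rule, `iptables -t nat -S POSTROUTING` shows whether `--persistent` was accepted by the running kernel.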