Panos Kampanakis Mon, 09/13/2010 - 08:07

Unfortunately, there is no way of automatically migrating the iptables rules. So you would need to do it manually or write a script to do it. A rule like

route add  -net  netmask gw XXX.XXX.XXX.XXX dev eth1

would be translated to


on the firewall.

I hope it helps.


danielnunes Mon, 09/13/2010 - 08:41

Ok Kampana,

thanks for your attention.

I guess that I'll have work to do!!!

My iptables configuration has about 9000 lines.

I could write a script to translate the DNAT configuration, but there are many different forms of access-list and it's difficult to make a script for all.

8-) hehehe it's too hard!!!

thanks a lot friend!!

Panos Kampanakis Mon, 09/13/2010 - 08:47

Yeah, I understand.

With 9K rules, I believe you will need a script, even though it will take some time to do it. And then you might also share it in the community for others that might need it in the future.

danielnunes Mon, 09/13/2010 - 10:11


You are right, I'll take some time to do it. If I discover any way or script to optimize that task, I'll share it with everybody.

Thanks a lot

see you

danielnunes Mon, 09/13/2010 - 19:09


Can anyone help me with a syntax used by iptables?

What do these commands mean?

-A FORWARD -i vlan227 -j CTG-to-WAN

-A FORWARD -i eth2 -j CTG-to-WAN

-A FORWARD -d -i eth1 -j MTBrazil-to-SN

-A FORWARD -j PCBrazil
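
An added example, not part of the thread or written by either poster: before scripting a 9000-line migration, it helps to inventory which rule shapes actually occur and to resolve `-j` jumps into user-defined chains such as `CTG-to-WAN`, so the translator only has to handle flat rules. The sample input is constructed (the chain body and addresses are assumptions); `RETURN` targets are passed through unchanged and need manual review.

```python
from collections import Counter
import shlex

# Constructed iptables-save sample; chain names follow the thread, addresses are
# documentation ranges, and the CTG-to-WAN chain body is invented for illustration.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
:CTG-to-WAN - [0:0]
-A FORWARD -i vlan227 -j CTG-to-WAN
-A FORWARD -i eth2 -j CTG-to-WAN
-A FORWARD -d 192.0.2.0/24 -i eth1 -j ACCEPT
-A CTG-to-WAN -p tcp -m tcp --dport 443 -j ACCEPT
-A CTG-to-WAN -s 198.51.100.7/32 -j DROP
COMMIT
"""

def parse_rules(text):
    """Return [(chain, [(option, value), ...], target)] for every -A line."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies, comments, COMMIT
        tok = shlex.split(line)
        chain, opts, target, i = tok[1], [], None, 2
        while i < len(tok):
            has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
            val = tok[i + 1] if has_val else None
            if tok[i] in ("-j", "-g"):
                target = val
            else:
                opts.append((tok[i], val))
            i += 2 if has_val else 1
        rules.append((chain, opts, target))
    return rules

def flatten(rules, chain="FORWARD", inherited=(), seen=()):
    """Follow jumps into user-defined chains, carrying the caller's matches along."""
    user_chains = {c for c, _, _ in rules}
    for _, opts, target in [r for r in rules if r[0] == chain]:
        combined = inherited + tuple(opts)
        if target in user_chains and target not in seen:
            yield from flatten(rules, target, combined, seen + (chain,))
        else:
            yield combined, target

def rule_forms(flat):
    """Count distinct rule shapes (option names + target) a translator must handle."""
    return Counter((tuple(sorted({o for o, _ in opts})), tgt) for opts, tgt in flat)
```

Running `rule_forms(flatten(parse_rules(open("rules.txt").read())))` on a real `iptables-save` dump (the file name is a placeholder) gives the list of shapes, most frequent first via `.most_common()`, which is the order in which to write the translation cases.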



