Is it OK to use an iptables SNAT rule with an inverted -o parameter?
Would it be OK/reliable to use just one rule?
iptables -t nat -I POSTROUTING ! -o eth2 -s 192.168.10.0/24 -j SNAT --to PUBLIC_IP_ADDRESS
The BGP Linux router has 25 Ethernet interfaces. This iptables rule with "! -o XY" should allow the traffic to be SNATed and leave the router through all interfaces other than eth2. Behind the eth2 interface there is a local network, 192.168.10.0/24; the machines in that local network should communicate with the outside world through eth0, eth1, eth3 and eth4.
So I guess the more common variant is to use "! -o eth2", because then it is not necessary to write 4 SNAT rules, one for each interface (eth0, eth1, eth3, eth4).
I'm just not sure if it is a good idea to set it up this way... In the lab where I have a testing version of the network, including 2 BGP upstream peers, it seems to work well...
If your answer is no/yes, please tell me why as well.
Thank you a lot. Pep.
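The following script is an added example; it is not code from the original post. It writes out the single inverted rule from the question next to the explicit one-rule-per-uplink variant, simulates the POSTROUTING match both ways, and shows the one case in which the two differ: "! -o eth2" is true for every output interface except eth2, so an interface that appears later (a tunnel or VPN device, modelled here as tun0) is SNATed by the inverted rule but not by the explicit list. Assumptions: the uplink names are the ones from the question, 203.0.113.10 (a documentation address) stands in for PUBLIC_IP_ADDRESS, the generated commands use -A rather than the question's -I, and --to-source is the long form of --to. The rule_is_installed function only works as root on the router itself, and it never changes the ruleset.

```shell
#!/bin/sh
# Added example (not from the original post): contrasts the single "! -o eth2"
# SNAT rule with the explicit per-uplink variant. Interface names come from the
# question; 203.0.113.10 is an assumed placeholder for PUBLIC_IP_ADDRESS.
set -eu

LAN_NET="192.168.10.0/24"
LAN_IF="eth2"
PUBLIC_IP="203.0.113.10"            # assumed placeholder for PUBLIC_IP_ADDRESS
UPLINKS="eth0 eth1 eth3 eth4"       # upstream interfaces named in the question

# Variant A: the single rule from the question (--to is short for --to-source).
inverted_rule() {
    printf 'iptables -t nat -A POSTROUTING ! -o %s -s %s -j SNAT --to-source %s\n' \
        "$LAN_IF" "$LAN_NET" "$PUBLIC_IP"
}

# Variant B: one rule per uplink, matching only the interfaces listed today.
explicit_rules() {
    for dev in $UPLINKS; do
        printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j SNAT --to-source %s\n' \
            "$dev" "$LAN_NET" "$PUBLIC_IP"
    done
}

# Simulated POSTROUTING decision for a LAN-sourced packet leaving via $1.
# "! -o eth2" is true for every output interface except eth2, whatever its name.
inverted_match() {
    if [ "$1" != "$LAN_IF" ]; then echo snat; else echo pass; fi
}

# Same decision under the explicit variant: only the listed uplinks are SNATed.
explicit_match() {
    for dev in $UPLINKS; do
        if [ "$1" = "$dev" ]; then echo snat; return 0; fi
    done
    echo pass
}

# Egress interfaces on which the two variants disagree. tun0 models a tunnel
# or VPN interface added after the rules were written: variant A SNATs it,
# variant B does not, so the inverted rule is broader than the four-rule set.
disagreeing_interfaces() {
    out=""
    for dev in $UPLINKS $LAN_IF tun0; do
        if [ "$(inverted_match "$dev")" != "$(explicit_match "$dev")" ]; then
            out="${out:+$out }$dev"
        fi
    done
    echo "$out"
}

# On the router itself (root required): confirm the rule is installed without
# changing anything. iptables -C exits 0 only if an identical rule exists.
rule_is_installed() {
    iptables -t nat -C POSTROUTING ! -o "$LAN_IF" -s "$LAN_NET" \
        -j SNAT --to-source "$PUBLIC_IP"
}

# Demonstration output when run as: sh snat_variants.sh --show
if [ "${1:-}" = "--show" ]; then
    echo "# variant A (inverted match)"; inverted_rule
    echo "# variant B (explicit per-uplink)"; explicit_rules
    echo "# interfaces where A and B differ: $(disagreeing_interfaces)"
fi
```

Running it with --show prints both rule sets and reports tun0 as the only interface on which they disagree, which is the practical difference between the two styles: the inverted rule needs no maintenance when uplinks are added, but it also silently covers any new interface, so it is worth checking the router's interface list whenever one is added.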
I'll answer myself... Yes, it works perfectly...