Re: Issue related to conntrack while insert new rule with conntrack command in linux


On Fri, Apr 26, 2019 at 11:53:29PM +0430, Mojtaba wrote:
> Thanks again, it works correctly now. But how can I set port 1111? I
> have just tried a command like this, but it doesn't work and I don't get any
> packets on port 1111 in 192.168.122.1:
> conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070
> --dport 5005 --dst-nat 192.168.122.1:1234 --timeout 30
> 
> The packets that I got on 192.168.122.1 are either port 5070 or port
> 5005, like below:
> 23:33:38.520746 IP 192.168.122.242.5070 > 192.168.122.103.5005: UDP, length 12
> 23:33:38.528807 IP 192.168.122.242.5070 > 192.168.122.103.5005: UDP, length 12
> 
> Actually I would like to get packets on 192.168.122.1 on port 1111 like
> this. If I set the two iptables rules in the nat table, I could see the
> packets on 192.168.122.1 like below, too:
> 23:33:38.528807 IP 192.168.122.103.2222 > 192.168.122.1.1111: UDP, length 12
> 23:33:38.528807 IP 192.168.122.103.2222 > 192.168.122.1.1111: UDP, length 12
> 
> So how can I set --src-nat to 192.168.122.103 and port 2222, too?

Does this work?

conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 --dport 5005 --dst-nat 192.168.122.1:1234 --timeout 30


