Yes, it's perfect. I just forgot to enable ip_forwarding right now. the problem was because of it. I used this command and it works properly. conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 --dport 5005 --dst-nat 192.168.122.1:1234 --src-nat 192.168.122.103:2222 --timeout 30 That's great. Thank you so much Pablo. With best regards On Sat, Apr 27, 2019 at 12:07 AM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > On Fri, Apr 26, 2019 at 11:53:29PM +0430, Mojtaba wrote: > > Thanks again, It works correctly now. But how can i set port 1111? I > > have just tried like this command but i don’t work and i don't get any > > packets on port 1111 in 192.168.122.1: > > conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 > > --dport 5005 --dst-nat 192.168.122.1:1234 --timeout 30 > > > > The packets that i got on 192.168.122.1 are either port 5070 or port > > 5005 like below: > > 23:33:38.520746 IP 192.168.122.242.5070 > 192.168.122.103.5005: UDP, length 12 > > 23:33:38.528807 IP 192.168.122.242.5070 > 192.168.122.103.5005: UDP, length 12 > > > > Actually i would like get packet on 192.168.122.1 on port 1111 like > > this. If i set the two rule of iptables in nat table, i could see the > > packet on 192.168.122.1 like below,too > > 23:33:38.528807 IP 192.168.122.103.2222 > 192.168.122.1.1111: UDP, length 12 > > 23:33:38.528807 IP 192.168.122.103.2222 > 192.168.122.1.1111: UDP, length 12 > > > > So how can i set --src-nat to 192.168.122.103 and port 2222, too? > > Does this work? > > conntrack -I -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070 --dport 5005 --dst-nat 192.168.122.1:1234 --timeout 30 -- --Mojtaba Esfandiari.S
