Jeremy Sowden <jeremy@xxxxxxxxxx> wrote:
> Commit 2eb0f624b709 ("netfilter: add NAT support for shifted portmap
> ranges") introduced support for shifting port-ranges in DNAT. This
> allows one to redirect packets intended for one port to another in a
> range in such a way that the new port chosen has the same offset in the
> range as the original port had from a specified base value.
>
> For example, by using the base value 2000, one could redirect packets
> intended for 10.0.0.1:2000-3000 to 10.10.0.1:12000-13000 so that the old
> and new ports were at the same offset in their respective ranges, i.e.:
>
> 10.0.0.1:2345 -> 10.10.0.1:12345
>
> However, while support for this was added to the common DNAT infra-
> structure, only the xt_nat module was updated to make use of it. This
> patch-set extends the core support and updates all the nft NAT modules
> to support it too.
>
> Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970672
> Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1501
I have no objections to the kernel side.
Pablo, unless you disagree I'm inclined to merge this.
