Reposting without all the MIME attachments - my apologies for the crud from Outlook. Here's my question again in plaintext.

DNAT: Is it possible to have a SINGLE (DNAT?) rule that will let me do 1:1 port-forwarding over a range of ports while doing Destination NAT?

e.g. Any incoming connections to 64.1.0.20:100-101 need to be mapped to 172.16.0.100:200-201 for the TCP protocol, such that a connection to port 101 will ALWAYS map to port 201 and a connection to port 100 will ALWAYS map to port 200.

Under the current DNAT port range scenario, the connection goes to the lowest port that is free, e.g. a port 101 connection will be DNAT'ed to port 200 if port 200 is free.

The reason for wanting a 1:1 rule is for X windows and other fat port ranges. Don't want hundreds of rules in there if one can do the job.

Can IPTables do it? If so, how? If not, I guess I'll have to get in touch with the developers for tips on a good starting point.

Thanks in advance,
Ranjeet Shetye.
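
The long-hand alternative to the single rule asked about above is one DNAT rule per port. As an added example (not part of the original post), this shell function generates those per-port rules for a shifted range so the fixed N-to-N+offset mapping does not have to be typed by hand. The function names `gen_dnat_rules` and `is_port` are hypothetical, the `PREROUTING` chain is an assumption, and the rules are printed rather than applied.

```sh
#!/bin/sh
# Added example: emit one DNAT rule per port so that external port N always
# maps to internal port N + offset. Rules are printed, not applied.

# is_port VALUE -> success if VALUE is an integer in 1..65535 (no leading zero)
is_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_dnat_rules EXT_IP EXT_FIRST-EXT_LAST INT_IP INT_FIRST-INT_LAST [PROTO]
gen_dnat_rules() {
    ext_ip=$1 ext_range=$2 int_ip=$3 int_range=$4 proto=${5:-tcp}
    ext_first=${ext_range%-*}; ext_last=${ext_range#*-}
    int_first=${int_range%-*}; int_last=${int_range#*-}

    for p in "$ext_first" "$ext_last" "$int_first" "$int_last"; do
        is_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    # A 1:1 mapping only makes sense when both ranges have the same length.
    if [ "$ext_first" -gt "$ext_last" ] ||
       [ $((ext_last - ext_first)) -ne $((int_last - int_first)) ]; then
        echo "ranges must be ascending and the same length" >&2
        return 1
    fi

    offset=$((int_first - ext_first))
    port=$ext_first
    while [ "$port" -le "$ext_last" ]; do
        # PREROUTING is assumed here; adjust the chain to the local ruleset.
        echo "iptables -t nat -A PREROUTING -p $proto -d $ext_ip" \
             "--dport $port -j DNAT --to-destination $int_ip:$((port + offset))"
        port=$((port + 1))
    done
}

# Addresses and ranges taken from the post.
gen_dnat_rules 64.1.0.20 100-101 172.16.0.100 200-201
```

Review the printed rules before piping them to a shell; mismatched range lengths or out-of-range ports make the function return non-zero without printing any rule.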