RE: Port range forwarding


 



I am not aware of any built-in method to take one source port block and have
it translate straight over and in logical order to a different destination
port block.  If I'm wrong here, I'm sure I'll be corrected.  Now, the
"redirect" target closely resembles this functionality.  The tutorial
describes it this way:

"The --to-ports option specifies the destination port, or port range, to
use. Without the --to-ports option, the destination port is never altered.
This is specified, as above, --to-ports 8080 in case we only want to specify
one port. If we would want to specify a port range, we would do it like
--to-ports 8080-8090, which tells the REDIRECT target to redirect the
packets to the ports 8080 through 8090. Note that this option is only
available in rules specifying the TCP or UDP protocol with the --protocol
matcher, since it wouldn't make any sense anywhere else."

-----Original Message-----
From: Max Yin [mailto:max.yin@xxxxxxxxxxxxx] 
Sent: Monday, January 12, 2004 10:49 PM
To: markee@xxxxxxxxxxxxxxx
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Port range forwarding

Well, thanks for your reply.
Since I'm doing this in uClinux, both memory and performance are limited.
Your suggestion should work but... one setting might create hundreds of
rules.

So, netfilter cannot be configured to use two port ranges with the same
range but different starting port number (3100-3500 to 2100-2500)?



On 2004/1/13, at 2:26 PM, Mark E. Donaldson wrote:

> I'm sure there are some better solutions available, but this should 
> work:
>
> i=3100
> while [ "$i" -le 3500 ]
> do
> 	$IPT -t nat -A PREROUTING -i eth0 -j DNAT -p tcp --dport $i \
> 		--to-destination 192.168.2.60:$i
>
> 	i=`expr $i + 1`
> done
>
> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Max Yin
> Sent: Monday, January 12, 2004 4:43 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Port range forwarding
>
> Hi,
> I'm not sure if this question has already been asked before or not,
> because I can't find any discussion before.
>
> I want to set up a port forwarding rule that will translate a specified
> port range to another port range, for example:
>
> iptables -t nat -A PREROUTING -i eth0 -j DNAT -p tcp --dport 3100:3500 \
> 	--to-destination 192.168.2.60:2100-2500
>
> But I found that all connections from 3100 to 3500 will be mapped to 2100
> port only, not 3100 to 2100, 3101 to 2101, etc.
>
> So, how can I make it? Or is it possible?
>
> Thanks
> Max
>
>
>
>
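
The per-port loop from the thread, extended so that source port 3100+k is forwarded to destination port 2100+k as the original question asked. This is an added example, not code posted by anyone in the thread; the function names `gen_dnat_rules` and `is_port` are hypothetical, and the rules are printed for review instead of being applied. It still produces one rule per port (401 for this range).

```shell
#!/bin/sh
# Added example (not from the thread): emit one DNAT rule per port so that
# source port SRC_START+k is forwarded to DST_START+k on the internal host.
# Rules are printed, not applied, so they can be reviewed before loading.

is_port() {
    # Succeeds only for a decimal integer in 1..65535 without leading zeros
    # (a leading zero would be read as octal by $(( )) arithmetic).
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

gen_dnat_rules() {
    # usage: gen_dnat_rules SRC_START SRC_END DST_START DST_IP [IFACE] [PROTO]
    src_start=$1 src_end=$2 dst_start=$3 dst_ip=$4
    iface=${5:-eth0} proto=${6:-tcp}

    for p in "$src_start" "$src_end" "$dst_start"; do
        is_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    [ "$src_start" -le "$src_end" ] || { echo "empty source range" >&2; return 1; }

    # The last destination port must also stay inside 1..65535.
    dst_end=$((dst_start + src_end - src_start))
    is_port "$dst_end" || { echo "destination range overflows: $dst_end" >&2; return 1; }

    port=$src_start
    while [ "$port" -le "$src_end" ]; do
        echo "iptables -t nat -A PREROUTING -i $iface -p $proto --dport $port" \
             "-j DNAT --to-destination $dst_ip:$((dst_start + port - src_start))"
        port=$((port + 1))
    done
}

# Ranges and address from the thread (3100-3500 -> 192.168.2.60:2100-2500);
# show only the first and last generated rule.
gen_dnat_rules 3100 3500 2100 192.168.2.60 | sed -n '1p;$p'
```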



