Jan Engelhardt wrote:
Hello,
It seems I can't specify several --to-destination (like the man page
tells), and iptables doesn't spit any errors.
Am I doing something wrong?
Only one --to-destination is supported.
This restriction was first introduced in kernel 2.6.11. Previous 2.6
kernels, as well as 2.4 kernels, should support multiple ranges.
ChangeLog-2.6.11 :
" [PATCH] Remove NAT to multiple ranges
The NAT code has the concept of multiple ranges: you can say "map this
connection onto IP 192.168.1.2 - 192.168.1.4, 192.168.1.7 ports
1024-65535, and 192.168.1.10". I implemented this because we could.
But it's not actually *used* by many (any?) people, and you can
approximate this by a random match (from patch-o-matic) if you really
want to. It adds complexity to the code."
changes-iptables-1.3.4.txt :
" Print error message when multiple "--to" DNAT/SNAT args are used
with kernel >= 2.6.10"
                   ^^
There seems to be a little mistake here, should be 2.6.11 according to
Linux changelog.
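
Added example, not part of the original message or of the iptables project: one way to approximate the removed multi-range DNAT with one rule per destination, as the changelog suggests. It assumes the in-tree `statistic` match in place of the patch-o-matic `random` match; the function name, the PREROUTING chain, port 80 and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Emit one DNAT rule per destination so that each destination receives an
# equal share of new connections. The commands are printed, not executed,
# so the script needs neither root nor a live netfilter setup.
#
# Rules are evaluated in order, so rule i only sees traffic that the earlier
# rules did not match. For an even split over n destinations the
# probabilities must therefore be 1/n, 1/(n-1), ..., 1/2, and the last rule
# matches unconditionally. NAT rules are consulted for the first packet of a
# connection only, so the choice is made per connection, not per packet.

gen_dnat_rules() {
    # usage: gen_dnat_rules PROTO DPORT DEST [DEST...]
    if [ "$#" -lt 3 ]; then
        echo "usage: gen_dnat_rules PROTO DPORT DEST [DEST...]" >&2
        return 1
    fi
    proto=$1
    dport=$2
    shift 2
    remaining=$#
    for dest in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            # LC_ALL=C keeps the decimal separator a dot in every locale.
            prob=$(LC_ALL=C awk -v r="$remaining" 'BEGIN { printf "%.6f", 1 / r }')
            match="-m statistic --mode random --probability $prob "
        else
            # Last destination: catch everything still unmatched.
            match=""
        fi
        echo "iptables -t nat -A PREROUTING -p $proto --dport $dport ${match}-j DNAT --to-destination $dest"
        remaining=$((remaining - 1))
    done
}

# Constructed sample input: three destinations taken from the changelog text.
gen_dnat_rules tcp 80 192.168.1.2 192.168.1.7 192.168.1.10
```

Using the same probability on every rule would skew the split, because later rules only see the connections that the earlier ones passed over.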