Re: Layer (5,6,7) based NAT

Adam wrote:
I am wondering whether this is possible. I have one port and one public IP
address, let's say:

34.123.22.33:5615

If I connect using SSH I want to DNAT to port 22, if I connect using SSL I
want to DNAT to port 443, if I connect using HTTP I want to DNAT to port
80.

Is this kind of upper layer protocol determination possible? If so, is
netfilter the application to do it?

No, this is not (easily) possible, and certainly not with iptables. The reason is that you need a complete three-way handshake before data starts flowing and you can determine what protocol is spoken. However, NAT must act on all packets, from the first. Besides, if you could start NATting at a certain point, the recipient would not see the three-way handshake, so you cannot connect to your final destination.

Your only hope is some kind of proxy. And if you find it, please let me know, I would be very interested as well.

HTH,
M4
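The "some kind of proxy" M4 mentions is the usual answer: a user-space listener on the single public port completes the handshake itself, peeks at the first bytes the client sends, and only then opens a connection to the right local service. Below is an added example of such a protocol-demultiplexing proxy, written for this post and not taken from the list or from netfilter; the port 5615, the backend addresses and the two-second peek timeout are assumptions.

```python
import asyncio

# Assumed backend mapping: the three local services from the question (hypothetical addresses).
BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 443), "http": ("127.0.0.1", 80)}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")
PEEK_TIMEOUT = 2.0  # seconds to wait for client data before assuming a server-speaks-first protocol

def classify(first_bytes: bytes) -> str:
    """Guess the protocol from the first bytes the client sends after the TCP handshake.
    Returns "ssh", "tls", "http" or "unknown"."""
    if not first_bytes:                      # client sent nothing: SSH servers send their banner first
        return "ssh"
    if first_bytes.startswith(b"SSH-"):      # SSH identification string (RFC 4253)
        return "ssh"
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"                         # TLS record: ContentType=handshake (22), version major 3
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

async def pump(reader, writer):
    """Copy bytes one way until EOF, then close the destination side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(client_reader, client_writer):
    try:
        first = await asyncio.wait_for(client_reader.read(16), PEEK_TIMEOUT)
    except asyncio.TimeoutError:
        first = b""                          # no data within the timeout: classify() treats this as SSH
    proto = classify(first)
    if proto not in BACKENDS:
        client_writer.close()                # unknown protocol: refuse rather than guess a backend
        return
    backend_reader, backend_writer = await asyncio.open_connection(*BACKENDS[proto])
    backend_writer.write(first)              # replay the peeked bytes so the service sees a full stream
    await asyncio.gather(pump(client_reader, backend_writer), pump(backend_reader, client_writer),
                         return_exceptions=True)

async def main():
    server = await asyncio.start_server(handle, "0.0.0.0", 5615)  # the single public port
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

One consequence worth keeping in mind: each backend now sees connections coming from the proxy's own address, so sshd and web-server logs lose the real client IP unless the proxy forwards it by some other means.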


