On Mar 17 2008 16:01, Andrew Schulman wrote:
> It doesn't seem like a high priority for iptables, since the same thing can easily and more flexibly be accomplished with some bash scripting:
>
> for (( i=80 ; i<=85 ; ++i )) do
>   iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport $(( 5000+i )) \
>     -j DNAT --to 192.168.1.10:$i
> done
>
> Yes, that is 6 iptables rules, but the performance difference is probably negligible, it's simple to code, and it's totally customizable to the user's needs. A specially written iptables target, OTOH, would require a whole separate kernel module just to cover this one fairly unusual transformation.

iptables -p tcp --dport A:B -j DNAT --to xxx:C-D

And you would _also_ have to deal with cases where amount of(A..B) and amount of(C..D) are not the same. No, it would be too troublesome.
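
The scripted approach from the thread, generalized to an arbitrary A:B -> C-D mapping, as an added example that is not part of either message. `gen_dnat_rules` and `is_port` are hypothetical helper names; the function only prints the rules for review, and it refuses the unequal-range case raised in the reply instead of guessing a mapping.

```sh
# Added example, not from the thread. gen_dnat_rules and is_port are
# hypothetical helpers; rules are printed, not applied.

is_port() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac   # digits only, no leading zero
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_dnat_rules IFACE A:B DEST C-D
# Exit status: 0 rules printed, 1 range sizes differ, 2 malformed argument.
gen_dnat_rules() (
    iface=$1 ext=$2 dest=$3 int=$4
    # The output is meant to be fed to a root shell, so reject anything that
    # is not a plain interface name or a dotted-quad style address.
    case $iface in ''|-*|*[!A-Za-z0-9_.+-]*) echo "bad interface: $iface" >&2; return 2 ;; esac
    case $dest in ''|*[!0-9.]*) echo "bad address: $dest" >&2; return 2 ;; esac
    case $ext in *:*) ;; *) echo "expected A:B, got $ext" >&2; return 2 ;; esac
    case $int in *-*) ;; *) echo "expected C-D, got $int" >&2; return 2 ;; esac
    a=${ext%%:*} b=${ext#*:} c=${int%%-*} d=${int#*-}
    for p in "$a" "$b" "$c" "$d"; do
        is_port "$p" || { echo "bad port: $p" >&2; return 2; }
    done
    if [ "$a" -gt "$b" ] || [ "$c" -gt "$d" ]; then
        echo "reversed range" >&2; return 2
    fi
    # The unequal-size case from the reply: refuse instead of guessing.
    if [ $((b - a)) -ne $((d - c)) ]; then
        echo "size mismatch: $((b - a + 1)) external vs $((d - c + 1)) internal ports" >&2
        return 1
    fi
    i=0
    while [ "$i" -le $((b - a)) ]; do
        echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $((a + i)) -j DNAT --to $dest:$((c + i))"
        i=$((i + 1))
    done
)
```

Calling `gen_dnat_rules ppp0 5080:5085 192.168.1.10 80-85` prints the same six rules as the loop quoted above.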