On Wednesday 2012-11-14 16:38, Eliezer Croitoru wrote:

> Or instead just use DNAT with specific ports that will allow any other
> traffic from this host to others based on basic NAT what called
> "port-forwarding"

Port forwarding is a terrible misnomer, because the port itself is an entity belonging to the host, and as such static. NA(P)T, or "port mapping" if you have to, is just fine and catches the spirit properly. If you need a car analogy, you can't move the piers/ports either, only the ships.

That said, DNAT is exactly what I gave as one way of resolution. From there, one can use --dport(s) as needed, but then that's not a full 1:1 NAT anymore.

(I get the feeling my mail was ignored, perhaps you should go through the text and bottom post like everybody else.)

>> iptables -t nat -A PREROUTING -i internet [-d 114.XX.234.123] \
>>         -j DNAT --to 192.168.1.38

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
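The two variants the reply contrasts, full 1:1 DNAT and DNAT restricted to chosen ports, written out as a small rule generator. This is an added example, not code posted in the thread; the interface name, the public address (203.0.113.10, a documentation range) and the internal host are placeholders, and the helper runs in dry-run mode by default so it only prints the rules it would apply. It also adds the FORWARD-chain accept that the nat table alone does not provide: DNAT rewrites the destination, but the rewritten packet is still filtered in FORWARD against the post-translation address.

```shell
#!/bin/sh
# Added example (not from the thread). Generates iptables rules for the
# DNAT variants discussed. Addresses and interface names are placeholders.
# DRY_RUN=1 (the default) prints the rules instead of applying them.
: "${DRY_RUN:=1}"

# Print or execute one iptables invocation.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

# Full 1:1 NAT: every port arriving for the public address is mapped to
# the internal host, no protocol or port match at all.
# $1 = WAN interface, $2 = public address, $3 = internal host
dnat_one_to_one() {
    run -t nat -A PREROUTING -i "$1" -d "$2" -j DNAT --to-destination "$3"
}

# Port-restricted variant: only the listed TCP ports are mapped. As the
# reply notes, this is no longer a 1:1 NAT of the whole address.
# $1 = WAN interface, $2 = public address, $3 = internal host,
# $4 = comma-separated TCP port list (multiport match)
dnat_ports() {
    run -t nat -A PREROUTING -i "$1" -d "$2" -p tcp -m multiport --dports "$4" \
        -j DNAT --to-destination "$3"
}

# The nat table only rewrites the destination; the translated packet is
# then filtered in FORWARD against the *internal* address, so an explicit
# accept is needed there (new connections from the WAN side, plus
# replies and related traffic tracked by conntrack).
# $1 = WAN interface, $2 = public address (unused here), $3 = internal host
forward_allow() {
    run -A FORWARD -i "$1" -d "$3" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Sample invocation with constructed placeholder values.
if [ "${1:-}" = "demo" ]; then
    dnat_one_to_one internet 203.0.113.10 192.168.1.38
    dnat_ports internet 203.0.113.10 192.168.1.38 80,443
    forward_allow internet 203.0.113.10 192.168.1.38
fi
```

Run with `sh script.sh demo` to see the rules; set `DRY_RUN=0` only once the generated output has been reviewed, since the 1:1 form exposes every listening port on the internal host to the WAN interface.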