On 11/14/2012 5:54 PM, Jan Engelhardt wrote:
On Wednesday 2012-11-14 16:38, Eliezer Croitoru wrote:
>Or instead just use DNAT with specific ports that will allow any other
>traffic from this host to others based on basic NAT what called
>"port-forwarding"
Port forwarding is a terrible misnomer, because the port itself is an
entity belonging to the host, and as such static. NA(P)T, or "port
mapping" if you have to, is just fine and catches the spirit properly.
If you need a car analogy, you can't move the piers/ports either, only
the ships.
That said, DNAT is exactly what I gave as one way of resolution. From
there, one can use --dport(s) as needed, but then that's not a full 1:1
NAT anymore.
(I get the feeling my mail was ignored, perhaps you should go through
the text and bottom post like everybody else.)
>> iptables -t nat -A PREROUTING -i internet [-d 114.XX.234.123] \
>> -j DNAT --to 192.168.1.38
Since he has very specific problem I suggested to do that which extends
your saying.
By the way you spelled it better then me..
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
