Hi,

I need to manipulate all output requests for an IP range and change the destination port. For a specific IP, the following rule works for me:

    iptables -t nat -A OUTPUT -p tcp -d 1.2.3.4 --dport 22 -j DNAT --to-destination 1.2.3.4:555

which is changing the destination port to 555 on all outgoing requests for port 22 for IP 1.2.3.4. But I need to apply this to an IP range, something like this:

    iptables -t nat -A OUTPUT -p tcp -d 1.2.3.0/24 --dport 22 -j DNAT --to-destination 1.2.3.0/24:555

to do the following:

    1.2.3.1:22 => 1.2.3.1:555
    1.2.3.2:22 => 1.2.3.2:555
    1.2.3.3:22 => 1.2.3.3:555
    etc.

iptables accepts an IP range with the "-d" switch, but as for "--to-destination", it doesn't accept an IP range. Does anyone have any idea how I should do this?

Thanks in advance,
Hamed Afshar