Firstly assuming that 2000 is a typo. It should be 20000.

This will probably do a one-to-one port mapping but that mapping will be dynamic, depending on which port comes first. So it could be

100.0.0.1:30003 > 192.168.0.5:10000
100.0.0.1:30001 > 192.168.0.5:10001
100.0.0.1:33567 > 192.168.0.5:10002

Just depending on what order the traffic comes and what is the next free port (Probably?)!

-Akshat

On Wed, Aug 5, 2015 at 10:19 PM, Doug Applegate <dapplegate@xxxxxxxxxxxxxxx> wrote:
> Hello,
>
> After testing and looking at the kernel source, I realize that this mapping:
>
> iptables -t nat -I PREROUTING -p tcp -m tcp --dport 30000:40000 -j DNAT --to [local_ip]:10000-2000
>
> Doesn't do a one-to-one port mapping
> e.g.:
> 100.0.0.1:30000 > 192.168.0.5:10000
> 100.0.0.1:30001 > 192.168.0.5:10001
> 100.0.0.1:30002 > 192.168.0.5:10002
>
> I was wondering if it was possible to do the 1:1 port range forwarding to
> different port ranges or if you have to use individual rules.
>
> Thanks
>
> Doug
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
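The individual-rules fallback Doug asks about, as an added example that is not part of the original thread: a shell function that prints one DNAT rule per port in iptables-restore format, so external port 30000+n always lands on internal port 10000+n. The function name `gen_dnat_rules` and its arguments are hypothetical, and 192.168.0.5 stands in for `[local_ip]` as in the thread's own example.

```shell
#!/bin/sh
# gen_dnat_rules EXT_START EXT_END LOCAL_IP INT_START   (hypothetical helper)
# Prints a nat-table ruleset with one DNAT rule per external port, giving a
# fixed 1:1 mapping EXT_START+n -> INT_START+n. Nothing is applied to the host.
gen_dnat_rules() {
    ext_start=$1; ext_end=$2; local_ip=$3; int_start=$4

    # Accept plain decimal ports only: no empty values, no leading zeros
    # (the shell would read them as octal), at most five digits.
    for n in "$ext_start" "$ext_end" "$int_start"; do
        case $n in
            ''|0*|*[!0-9]*|??????*)
                echo "not a valid port number: '$n'" >&2; return 1 ;;
        esac
    done

    # Allow only digits and dots in the address so that nothing else can be
    # injected into the generated rule lines.
    case $local_ip in
        ''|*[!0-9.]*) echo "not an IPv4 address: '$local_ip'" >&2; return 1 ;;
    esac

    if [ "$ext_start" -gt "$ext_end" ] || [ "$ext_end" -gt 65535 ]; then
        echo "bad external range $ext_start:$ext_end" >&2; return 1
    fi

    # The internal range has the same length as the external one, so it
    # must also end at or below 65535.
    offset=$((int_start - ext_start))
    if [ $((ext_end + offset)) -gt 65535 ]; then
        echo "internal range would run past port 65535" >&2; return 1
    fi

    echo '*nat'
    port=$ext_start
    while [ "$port" -le "$ext_end" ]; do
        echo "-A PREROUTING -p tcp -m tcp --dport $port -j DNAT --to-destination $local_ip:$((port + offset))"
        port=$((port + 1))
    done
    echo 'COMMIT'
}

# Constructed usage, matching the ranges in the thread (prints 10001 rules):
#   gen_dnat_rules 30000 40000 192.168.0.5 10000
```

Piping the output to `iptables-restore --noflush` appends the rules without clearing the existing nat table; adding `--test` parses the input without committing it.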