Akshat,
Thanks for clarifying the behaviour. I'm assuming then, that the only
way to get 1:1 port mappings with different end point ports is to create
a separate rule for each port?
Doug
On 08/06/2015 01:26 AM, Akshat Kakkar wrote:
Firstly assuming that 2000 is a typo. It should be 20000.
This will probably do a one-to-one port mapping but that mapping will
be dynamic, depending on which port comes first.
so it could be
100.0.0.1:30003 > 192.168.0.5 : 10000
100.0.0.1:30001 > 192.168.0.5 : 10001
100.0.0.1:33567 > 192.168.0.5 : 10002
Just depending on what order the traffic comes and what is the next
free port (Probably?)!
-Akshat
On Wed, Aug 5, 2015 at 10:19 PM, Doug Applegate
<dapplegate@xxxxxxxxxxxxxxx> wrote:
Hello,
After testing and looking at the kernel source, I realize that this mapping:
iptables -t nat -I PREROUTING -p tcp -m tcp --dport 30000:40000 -j DNAT --to [local_ip]:10000-2000
Doesn't do a one-to-one port mapping
e.g.:
100.0.0.1:30000 > 192.168.0.5:10000
100.0.0.1:30001 > 192.168.0.5:10001
100.0.0.1:30002 > 192.168.0.5:10002
I was wondering if it was possible to do the 1:1 port range forwarding to
different port ranges or if you have to use individual rules.
Thanks
Doug
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Doug Applegate | Firmware Engineer | Cradlepoint
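
The one-rule-per-port approach asked about in this thread, as an added example that is not from either poster: it generates `iptables-restore` input so a fixed 1:1 mapping can be reviewed and then loaded in a single commit. The function name `gen_dnat_rules` is hypothetical, and the address and port ranges are constructed samples taken from the thread's illustration.

```shell
#!/bin/sh
# Added example: emit iptables-restore input for a fixed 1:1 port mapping,
# one DNAT rule per external port. Sample values below are constructed.

# gen_dnat_rules EXT_START EXT_END DST_IP DST_START (hypothetical helper)
gen_dnat_rules() {
    ext_start=$1 ext_end=$2 dst_ip=$3 dst_start=$4

    # Reject empty, non-numeric, zero-prefixed or too-large ports up front.
    for p in "$ext_start" "$ext_end" "$dst_start"; do
        case $p in
            ''|0*|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    if [ "$ext_start" -gt "$ext_end" ]; then
        echo "empty external range" >&2; return 1
    fi
    # The last mapped destination port must still be a valid port.
    if [ $((dst_start + ext_end - ext_start)) -gt 65535 ]; then
        echo "destination range runs past 65535" >&2; return 1
    fi

    echo '*nat'
    port=$ext_start
    while [ "$port" -le "$ext_end" ]; do
        # Same offset for every port, so the mapping does not depend on
        # the order in which connections arrive.
        echo "-A PREROUTING -p tcp -m tcp --dport $port -j DNAT --to-destination $dst_ip:$((dst_start + port - ext_start))"
        port=$((port + 1))
    done
    echo 'COMMIT'
}

# Print a three-port sample for review; nothing is loaded into the kernel.
# To apply a generated set without clearing existing rules:
#   gen_dnat_rules 30000 40000 192.168.0.5 10000 | iptables-restore --noflush
gen_dnat_rules 30000 30002 192.168.0.5 10000
```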