When I saw this thread yesterday, I tried to pull this off using the
NETMAP target--obviously no dice.

To netfilter devs: could the NETMAP target be extended to work with port
numbers as well as IP addresses?

John

--
John Miller
Systems Engineer
Brandeis University
johnmill@xxxxxxxxxxxx

On Thu, Aug 6, 2015 at 11:29 AM, Doug Applegate
<dapplegate@xxxxxxxxxxxxxxx> wrote:
> Akshat,
>
> Thanks for clarifying the behaviour. I'm assuming then, that the only way to
> get 1:1 port mappings with different end point ports is to create a separate
> rule for each port?
>
> Doug
>
> On 08/06/2015 01:26 AM, Akshat Kakkar wrote:
>>
>>
>> Firstly assuming that 2000 is a typo. It should be 20000.
>>
>> This will probably do a one-to-one port mapping but that mapping will
>> be dynamic, depending on which port comes first.
>> so it could be
>> 100.0.0.1:30003 > 192.168.0.5 : 10000
>> 100.0.0.1:30001 > 192.168.0.5 : 10001
>> 100.0.0.1:33567 > 192.168.0.5 : 10002
>>
>> Just depending on what order the traffic comes and what is the next
>> free port (Probably?)!
>>
>> -Akshat
>>
>> On Wed, Aug 5, 2015 at 10:19 PM, Doug Applegate
>> <dapplegate@xxxxxxxxxxxxxxx> wrote:
>>>
>>> Hello,
>>>
>>> After testing and looking at the kernel source, I realize that this
>>> mapping:
>>>
>>> iptables -t nat -I PREROUTING -p tcp -m tcp --dport 30000:40000 -j DNAT
>>> --to
>>> [local_ip]:10000-2000
>>>
>>> Doesn't do a one-to-one port mapping
>>> e.g.:
>>> 100.0.0.1:30000 > 192.168.0.5:10000
>>> 100.0.0.1.30001 > 192.168.0.5:10001
>>> 100.0.0.1.30002 > 192.168.0.5:10002
>>>
>>> I was wondering if it was possible to do the 1:1 port range forwarding to
>>> different port ranges or if you have to use individual rules.
>>>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
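The separate-rule-per-port approach raised in the thread, as an added example that is not part of any poster's message: it generates one DNAT rule per port in iptables-restore format, so the mapping is fixed rather than dependent on arrival order. The helper name `gen_dnat_rules` is hypothetical, and the address and port ranges in the usage comment are the thread's own sample values, with the internal range read as 10000-20000.

```shell
#!/bin/sh
# Added example, not from the thread. gen_dnat_rules is a hypothetical helper.
# Usage: gen_dnat_rules EXT_FIRST EXT_LAST DEST_IP INT_FIRST [tcp|udp]
# Prints iptables-restore input with one DNAT rule per port, so external port
# EXT_FIRST+n always maps to DEST_IP:INT_FIRST+n regardless of arrival order.
gen_dnat_rules() {
    ext_first=$1 ext_last=$2 dest_ip=$3 int_first=$4 proto=${5:-tcp}

    # Ports: plain decimal, no leading zero (octal in $(( ))), at most 5 digits.
    for n in "$ext_first" "$ext_last" "$int_first"; do
        case $n in
            ''|0*|*[!0-9]*|??????*)
                echo "not a valid port: '$n'" >&2; return 1 ;;
        esac
    done
    # Destination: digits and dots only, so nothing else reaches the ruleset.
    case $dest_ip in
        ''|*[!0-9.]*) echo "not an IPv4 address: '$dest_ip'" >&2; return 1 ;;
    esac
    case $proto in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac

    # Both ranges must have the same length and stay inside 1..65535.
    int_last=$((int_first + ext_last - ext_first))
    if [ "$ext_first" -gt "$ext_last" ] || [ "$ext_last" -gt 65535 ] ||
       [ "$int_last" -gt 65535 ]; then
        echo "port range out of bounds" >&2; return 1
    fi

    echo '*nat'
    awk -v a="$ext_first" -v b="$ext_last" -v o="$int_first" \
        -v ip="$dest_ip" -v p="$proto" 'BEGIN {
            fmt = "-A PREROUTING -p %s -m %s --dport %d -j DNAT --to-destination %s:%d\n"
            for (e = a; e <= b; e++) printf fmt, p, p, e, ip, o + e - a
        }'
    echo 'COMMIT'
}

# Review the output, then load it without flushing existing nat rules:
#   gen_dnat_rules 30000 40000 192.168.0.5 10000 | iptables-restore --noflush
```

Loading the rules in one `iptables-restore` transaction avoids thousands of separate `iptables` invocations; without `--noflush` the existing contents of the nat table are replaced.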