to forward from receiving ip to destination ip on the same port:
# nat to destination - forward all requests received by receiving ip on receiving port to destination ip
-A PREROUTING -d <receiving ip> -p tcp --dport <receiving port> -j DNAT --to <destination ip>
# nat from destination - mask incoming from destination ip on receiving port as from receiving ip
# (SNAT is only valid in the POSTROUTING chain, not in PREROUTING)
-A POSTROUTING -d <destination ip> -p tcp --dport <receiving port> -j SNAT --to <receiving ip>
to forward from receiving ip's specific port to destination ip's different port:
# nat to destination - forward all requests received by receiving ip on receiving port to destination ip on different port
-A PREROUTING -d <receiving ip> -p tcp --dport <receiving port> -j DNAT --to <destination ip>:<destination port>
# nat from destination - mask incoming from destination ip's destination port as from receiving ip's receiving port
-A POSTROUTING -d <destination ip> -p tcp --dport <destination port> -j SNAT --to <receiving ip>:<receiving port>
to forward to a port range:
# --dport selects the range; DNAT without a port keeps the original destination port.
# no --sport match here: client source ports are ephemeral and would not fall in the range
-A PREROUTING -d <receiving ip> -p tcp --dport <start of port range>:<end of port range> -j DNAT --to <destination ip>
-A POSTROUTING -d <destination ip> -p tcp --dport <start of port range>:<end of port range> -j SNAT --to <receiving ip>
be sure to accept connections to that port range:
-A INPUT -p tcp --dport <start of port range>:<end of port range> -j ACCEPT
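The three cases above (same port, different port, port range) as one generator that validates its arguments before emitting an iptables-restore *nat fragment. This is an added example, not the post's own code: the function names and the sample addresses are constructed, and it assumes the SNAT rewrites only the source address, not the source port.

```shell
# Added example: build the DNAT/SNAT pair for one forward after validating inputs.
# Sample addresses are constructed (RFC 5737 documentation ranges).
valid_ipv4() {
    # Four dot-separated decimal octets, each 0-255; anything else is rejected.
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_forward RECV_IP PORT|START:END DEST_IP [DEST_PORT]
gen_forward() {
    recv_ip=$1 ports=$2 dest_ip=$3 dest_port=${4:-}
    valid_ipv4 "$recv_ip" && valid_ipv4 "$dest_ip" || { echo "bad address" >&2; return 1; }
    first=${ports%%:*} last=${ports##*:}
    # Only "N" or "N:M" is accepted, so no extra options can ride in on the port field.
    [ "$ports" = "$first" ] || [ "$ports" = "$first:$last" ] ||
        { echo "bad port or range" >&2; return 1; }
    valid_port "$first" && valid_port "$last" && [ "$first" -le "$last" ] ||
        { echo "bad port or range" >&2; return 1; }
    to=$dest_ip back=$ports
    if [ -n "$dest_port" ]; then
        # Remapping to a different port is supported for a single port only.
        [ "$first" = "$last" ] && valid_port "$dest_port" ||
            { echo "bad destination port" >&2; return 1; }
        to=$dest_ip:$dest_port back=$dest_port
    fi
    cat <<EOF
*nat
-A PREROUTING -d $recv_ip -p tcp --dport $ports -j DNAT --to-destination $to
-A POSTROUTING -d $dest_ip -p tcp --dport $back -j SNAT --to-source $recv_ip
COMMIT
EOF
}

# Demo: forward 192.0.2.10:8080 to 198.51.100.20:80 (prints the fragment only).
gen_forward 192.0.2.10 8080 198.51.100.20 80
```

Pipe the output to `iptables-restore --test` to check it without committing, and use `iptables-restore --noflush` when applying so existing rules are kept.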