First: 192.168.1.100, .101, .102 are all on the same subnet, but .102 is on a different physical network. This shouldn't work at all.
Quote:
Originally Posted by willyweedle
#iptables -t nat -A POSTROUTING -j SNAT --to $assignedIP
This rule is applied to any packet, regardless of interface it comes in / goes out through or address it comes from / goes to. Is this really what you are using?
As to your question: What you are looking for is port forwarding. Add a PREROUTING rule to DNAT the packets and add a FORWARD rule to allow those packets through, e.g. to forward www:
Code:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.100
iptables -A FORWARD -i eth1 -p tcp --dst 192.168.1.100/32 --dport 80 -j ACCEPT
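Added example, not part of the original post: a small Python check that flags the two issues raised above, a SNAT rule with no interface or address match and a DNAT rule with no FORWARD ACCEPT that lets the translated packets through. The function names and finding labels are made up for illustration, and the parser assumes every option takes exactly one value and compares single host addresses only, not subnets.

```python
import shlex

SCOPE = {"-o", "--out-interface", "-s", "--src", "--source", "-d", "--dst", "--destination"}
KEYS = {"-t": "table", "-A": "chain", "-j": "target"}

def parse_rule(line):
    """Parse one 'iptables ...' command (simplification: each option has one value)."""
    tokens = shlex.split(line)[1:]  # drop the leading "iptables"
    rule = {"table": "filter", "chain": None, "target": None, "opts": {}}
    for flag, value in zip(tokens[0::2], tokens[1::2]):
        if flag in KEYS:
            rule[KEYS[flag]] = value
        else:
            rule["opts"][flag] = value
    return rule

def host_of(addr):
    # Drop an optional :port and a /32 mask so DNAT and FORWARD addresses compare.
    return addr.split(":")[0].split("/32")[0]

def forward_allows(fwd, host, port, proto):
    """True if a FORWARD ACCEPT rule admits host/port/proto (absent match = wildcard)."""
    o = fwd["opts"]
    dst = o.get("-d") or o.get("--dst") or o.get("--destination")
    return ((dst is None or host_of(dst) == host)
            and o.get("--dport") in (None, port)
            and o.get("-p") in (None, proto))

def audit(lines):
    rules = [parse_rule(l) for l in lines if l.strip()]
    accepts = [r for r in rules if r["chain"] == "FORWARD" and r["target"] == "ACCEPT"]
    findings = []
    for r in rules:
        o = r["opts"]
        if r["target"] in ("SNAT", "MASQUERADE") and not SCOPE & set(o):
            findings.append(("unscoped-snat", r["chain"]))
        if r["target"] == "DNAT":
            to = o.get("--to") or o.get("--to-destination") or ""
            port = to.split(":")[1] if ":" in to else o.get("--dport")
            if not any(forward_allows(f, host_of(to), port, o.get("-p")) for f in accepts):
                findings.append(("dnat-without-forward", f"{host_of(to)}:{port}"))
    return findings

# Constructed sample: the three rules quoted in this thread, in order.
THREAD_RULES = [
    "iptables -t nat -A POSTROUTING -j SNAT --to $assignedIP",
    "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.100",
    "iptables -A FORWARD -i eth1 -p tcp --dst 192.168.1.100/32 --dport 80 -j ACCEPT",
]
print(audit(THREAD_RULES))
```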