iptables port forward not working for port range mapping to another port range in Linux 2.6.39
Hi All,
I have an issue where the iptables rules are not working in the case below.
-A PORTFORWARD_NAT_CHAIN -i erouter0 -p tcp -m tcp --dport 2000:2005 -j DNAT --to-destination 192.168.0.20:4000-4005
-A PORTFORWARD_NAT_CHAIN -s 192.168.0.0/24 -d 10.4.2.119/32 -i l2sd0.2 -p tcp -m tcp --dport 2000:2005 -j DNAT --to-destination 192.168.0.20:4000-4005
=> It currently works as below (it seems to always map to port 4000)
10.4.2.119:2000 ==> 192.168.0.20:4000
10.4.2.119:2001 ==> 192.168.0.20:4000
...
10.4.2.119:2005 ==> 192.168.0.20:4000
I would expect the behavior below
10.4.2.119:2000 ==> 192.168.0.20:4000
10.4.2.119:2001 ==> 192.168.0.20:4001
10.4.2.119:2002 ==> 192.168.0.20:4002
...
10.4.2.119:2005 ==> 192.168.0.20:4005
Somehow, the rules do not have this problem in the case below
-A PORTFORWARD_NAT_CHAIN -i erouter0 -p tcp -m tcp --dport 2000:2005 -j DNAT --to-destination 192.168.0.20
-A PORTFORWARD_NAT_CHAIN -s 192.168.0.0/24 -d 10.4.2.119/32 -i l2sd0.2 -p tcp -m tcp --dport 2000:2005 -j DNAT --to-destination 192.168.0.20
10.4.2.119:2000 ==> 192.168.0.20:2000
...
10.4.2.119:2005 ==> 192.168.0.20:2005
Any comment, or is this a Linux iptables limitation? Thanks for your help!
Best Regards
James
Last edited by kinghong66; 06-16-2015 at 03:30 AM.
Reason: incomplete
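An added example, not part of the original post: iptables DNAT treats "--to-destination ip:lo-hi" as a pool of ports to pick from, not as an offset-preserving 1:1 map, so the usual workaround is one DNAT rule per port. The script below computes the 2000+N -> 4000+N mapping and emits the per-port rules using the chain, interfaces and addresses from the post; the helper names (map_port, gen_rules) are my own.

```sh
#!/bin/sh
# Added example (not from the original post). Emits one DNAT rule per port so
# that external port 2000+N reaches internal port 4000+N, instead of relying on
# the range form of --to-destination, which does not map ports 1:1.
# Values below are taken from the post; the function names are assumptions.

EXT_PORT_START=2000
EXT_PORT_END=2005
INT_PORT_START=4000
INT_HOST=192.168.0.20
WAN_IF=erouter0
LAN_IF=l2sd0.2
LAN_NET=192.168.0.0/24
WAN_ADDR=10.4.2.119/32
CHAIN=PORTFORWARD_NAT_CHAIN

# map_port EXT: print the internal port for external port EXT,
# fail (return 1) when EXT is outside the forwarded range.
map_port() {
    ext=$1
    if [ "$ext" -lt "$EXT_PORT_START" ] || [ "$ext" -gt "$EXT_PORT_END" ]; then
        return 1
    fi
    echo $((INT_PORT_START + ext - EXT_PORT_START))
}

# gen_rules: print the per-port rule pairs (WAN-facing and LAN-facing, as in
# the post) in iptables-restore style, one pair for each external port.
gen_rules() {
    p=$EXT_PORT_START
    while [ "$p" -le "$EXT_PORT_END" ]; do
        t=$(map_port "$p")
        # connections arriving on the WAN interface
        echo "-A $CHAIN -i $WAN_IF -p tcp -m tcp --dport $p -j DNAT --to-destination $INT_HOST:$t"
        # connections from the LAN aimed at the WAN address
        echo "-A $CHAIN -s $LAN_NET -d $WAN_ADDR -i $LAN_IF -p tcp -m tcp --dport $p -j DNAT --to-destination $INT_HOST:$t"
        p=$((p + 1))
    done
}

# Review the output, then load it with: gen_rules | while read -r r; do iptables -t nat $r; done
```

Running `gen_rules` prints twelve rules (two per port); each rule carries a single --dport and a single destination port, which is what makes the mapping deterministic.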