LinuxQuestions.org
Old 07-05-2020, 04:00 AM   #1
postcd
Member
 
Registered: Oct 2013
Posts: 527

Rep: Reputation: Disabled
iptables multiple ips PRErouting? (--to-destination & -dst)


Hello, my iptables v1.4.21 rule is:

-A PREROUTING -i eth0 -p udp -m udp --dport 1234:1234 -j DNAT --to-destination 10.8.0.2,10.55.55.2


but I get the error: Bad IP address "10.8.0.2,10.55.55.2"

How do I define the --to-destination parameter for two IPs, please?

In the man page on my CentOS 7 I am unable to find a description for the -dst and --to-destination parameters.

Or must I create two identical commands, one for the first and the other for the second IP?
 
Old 07-05-2020, 06:11 AM   #2
tinfoil3d
Member
 
Registered: Apr 2020
Location: Japan/RJCC
Distribution: debian, lfs, whatever else i need in qemu
Posts: 268

Rep: Reputation: 75
Nope, you'd probably need something else here, how would the system decide which one to pick? Maybe it's something you should handle on a software level load-balancer or client side + DNS?
 
Old 07-05-2020, 10:13 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,636

Rep: Reputation: 7965
Quote:
Originally Posted by postcd
Hello, my iptables v1.4.21 rule is:

-A PREROUTING -i eth0 -p udp -m udp --dport 1234:1234 -j DNAT --to-destination 10.8.0.2,10.55.55.2

but I get the error: Bad IP address "10.8.0.2,10.55.55.2" How do I define the --to-destination parameter for two IPs, please? In the man page on my CentOS 7 I am unable to find a description for the -dst and --to-destination parameters. Or must I create two identical commands, one for the first and the other for the second IP?
Sorry, but you've been asking about iptables and such things for over SIX YEARS now, including the dport/destination flags:
https://www.linuxquestions.org/quest...es-4175499534/
https://www.linuxquestions.org/quest...ed-4175505960/
https://www.linuxquestions.org/quest...es-4175506598/
https://www.linuxquestions.org/quest...es-4175560562/
https://www.linuxquestions.org/quest...ic-4175673370/

As you've been asked before, is there some point at which you're going to be able to take what you've been told before and apply it?? You seem to continue to post questions that are just SLIGHTLY different than the ones you posted before. Rather than asking for another handout and someone to tell you what to do, why can't you learn from what you've been told and draw upon your experience and do something for yourself? You could have easily tried separate rules and found out what worked, in less time than it took you to post this question here, and on the other forums where you've posted.

Did you read or think about the *VERY PLAIN* message you got? You claim to have read the man page and documentation; hard to believe, since it covers how to specify multiple addresses and how to do it, and what caveats apply. You need separate rules, and you *AGAIN* omit relevant details about your network, what you're trying to do, etc.

Last edited by TB0ne; 07-05-2020 at 10:21 AM.
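
Added example (not from any poster in this thread): a comma list is rejected, and two otherwise identical DNAT rules would send everything to the first, so this sketch prints one rule per backend and uses the `statistic` match in `nth` mode to split new flows between them. The function names `is_ipv4` and `dnat_rules` are assumptions made for this example; the interface, port and addresses are the ones from the question.

```shell
#!/bin/sh
# Print (never apply) one nat-table DNAT rule per backend so that new UDP
# flows to one port are spread evenly. Usage: dnat_rules IFACE PORT IP [IP...]

is_ipv4() {
    # Accept exactly one dotted-quad address with every octet in 0-255.
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

dnat_rules() {
    iface=$1 port=$2
    shift 2
    remaining=$#
    [ "$remaining" -ge 1 ] || { echo "need at least one backend" >&2; return 2; }
    for ip in "$@"; do
        # A comma list such as "10.8.0.2,10.55.55.2" fails here, as it does
        # in iptables itself ("Bad IP address").
        is_ipv4 "$ip" || { echo "Bad IP address \"$ip\"" >&2; return 1; }
    done
    for ip in "$@"; do
        rule="-A PREROUTING -i $iface -p udp -m udp --dport $port"
        if [ "$remaining" -gt 1 ]; then
            # Take 1 in N of the flows reaching this rule (N = backends still
            # left); the rest fall through to the next rule.
            rule="$rule -m statistic --mode nth --every $remaining --packet 0"
        fi
        # The last rule has no statistic match and takes whatever remains.
        printf '%s\n' "$rule -j DNAT --to-destination $ip"
        remaining=$((remaining - 1))
    done
}

# Constructed sample: the interface, port and two addresses from the question.
dnat_rules eth0 1234 10.8.0.2 10.55.55.2
```

The printed lines belong in the `*nat` section of an iptables-restore file. The nat table is consulted only for the first packet of a tracked flow, so each client flow stays on the backend it was first mapped to.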
 
Old 07-06-2020, 02:32 AM   #4
postcd
Member
 
Registered: Oct 2013
Posts: 527

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by tinfoil3d
handle on a software level
Thanks to your comment I have got the idea. Actually, I do not necessarily need both commands to be active at the same time (though I would prefer it for simplicity). I can set up a bash script to monitor log output to detect when I need one rule and when another; it will be decided by this script monitoring the logs, which record my interactions with the server.
Maybe this explanation helps someone wanting to achieve a similar thing.
 
Old 07-06-2020, 07:03 AM   #5
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,636

Rep: Reputation: 7965
Quote:
Originally Posted by postcd
Thanks to your comment I have got the idea.
You should, because it's been suggested to you about a dozen times over the past six years.
Quote:
Actually, I do not necessarily need both commands to be active at the same time (though I would prefer it for simplicity). I can set up a bash script to monitor log output to detect when I need one rule and when another; it will be decided by this script monitoring the logs, which record my interactions with the server. Maybe this explanation helps someone wanting to achieve a similar thing.
To break this thread down:
  • You ask for something that has a clear error message that tells you what's wrong
  • You claim to have read the documentation; if you did, you'd have seen WHAT was wrong and how to fix it
  • You've asked about iptables/firewalls/load-balancers for YEARS at this point
  • Then you say you don't need it and are going to do it through a bash script
The error was clear when you first posted, and you've been asking about iptables, load balancers, and scripts for YEARS. Since you're going to do it with a script, how about posting it so it can 'help someone wanting to achieve similar thing'???

And you asked something almost identical in April: https://www.linuxquestions.org/quest...ic-4175673370/

So what was the point of this thread?

Last edited by TB0ne; 07-06-2020 at 07:40 AM.
 
  

