Iptables forward port range to another port range on a different host

I want to redirect incoming requests on a port range (30000 to 40000) to a different host on a different port range (10000-20000), mapping them 1 to 1 (30000 to 10000, 40000 to 20000, etc.). If the port range is the same, i.e.:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 10000:20000 -j DNAT --to [local_ip]:10000-20000

It works perfectly. But if the initial port range is different from the port range on the secondary host:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 30000:40000 -j DNAT --to [local_ip]:10000-20000

Then instead of mapping each port to its corresponding port, all incoming connections on ports 30000-40000 are mapped to the same (random, I think) port on the secondary host (at the moment they are all going to 13675).

I have also tried to use port redirection using

-j REDIRECT

I can't get that to work either.

How can I maintain the same behavior from the first example with different port ranges?


After a lot of searching and asking, apparently iptables can't handle this, even with a pseudo-interface.


I'd try using xinetd to accept incoming connections on your desired port range, and have it automatically instantiate something like netcat (nc) for each tunnel that's actively in use.

Maybe this link might help; it's similar: https://blog.linuxnet.ch/automatic-tunnels-with-xinetd-and-netcat/ or Executing script on receiving incoming connection with xinetd
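Why the first rule works and the second does not: when a DNAT target is given a port range, the kernel keeps the original destination port only if it already lies inside that range; otherwise it chooses a port from the range by its own search order, not by adding an offset. So 10000:20000 -> 10000-20000 is a 1:1 identity map, while 30000:40000 -> 10000-20000 collapses new connections onto whatever port the allocator picks. Neither the DNAT target nor REDIRECT can express "dport minus 20000". The usual workaround is to generate one DNAT rule per port. The script below is an added example (not code from this thread, from iptables, or from the linked xinetd article); the backend address 192.0.2.10, the interface eth0 and the APPLY usage are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emulate a shifted 1:1 port-range DNAT with one rule per port.
# Hypothetical values: backend 192.0.2.10, inbound interface eth0,
# external 30000-40000 mapped onto internal 10000-20000.

# gen_dnat_rules BACKEND FROM_LO FROM_HI TO_LO [IN_IFACE]
# Prints one iptables command per external port P, sending it to
# BACKEND:(P - FROM_LO + TO_LO). Returns 1 if either range is invalid.
gen_dnat_rules() {
    backend="$1" from_lo="$2" from_hi="$3" to_lo="$4" iface="${5:-}"
    to_hi=$((to_lo + from_hi - from_lo))
    # Both ranges must be ascending and fit inside 1..65535.
    if [ "$from_lo" -lt 1 ] || [ "$from_hi" -gt 65535 ] || [ "$from_lo" -gt "$from_hi" ] \
       || [ "$to_lo" -lt 1 ] || [ "$to_hi" -gt 65535 ]; then
        echo "gen_dnat_rules: invalid port range $from_lo-$from_hi -> $to_lo-$to_hi" >&2
        return 1
    fi
    ifopt=""
    # Pin the rule to the untrusted interface so LAN clients are not DNATed too.
    if [ -n "$iface" ]; then ifopt="-i $iface "; fi
    p=$from_lo
    while [ "$p" -le "$from_hi" ]; do
        printf 'iptables -t nat -A PREROUTING %s-p tcp -m tcp --dport %d -j DNAT --to-destination %s:%d\n' \
            "$ifopt" "$p" "$backend" $((p - from_lo + to_lo))
        p=$((p + 1))
    done
}

# gen_forward_rules BACKEND TO_LO TO_HI [IN_IFACE]
# Prints the forwarding and return-path rules the DNAT needs: ip_forward on,
# FORWARD accepting only the mapped backend ports, and MASQUERADE so replies
# come back through this gateway even if the backend's default route does not.
gen_forward_rules() {
    backend="$1" to_lo="$2" to_hi="$3" iface="${4:-}"
    ifopt=""
    if [ -n "$iface" ]; then ifopt="-i $iface "; fi
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    # FORWARD sees the post-DNAT destination, so match the backend's range here.
    printf 'iptables -A FORWARD %s-p tcp -d %s --dport %d:%d -m conntrack --ctstate NEW -j ACCEPT\n' \
        "$ifopt" "$backend" "$to_lo" "$to_hi"
    printf 'iptables -t nat -A POSTROUTING -p tcp -d %s --dport %d:%d -j MASQUERADE\n' \
        "$backend" "$to_lo" "$to_hi"
}

# Stand-alone use (assumed invocation):
#   sh dnat-range.sh 192.0.2.10 30000 40000 10000 eth0            # review the rules
#   sh dnat-range.sh 192.0.2.10 30000 40000 10000 eth0 | sudo sh  # apply them
if [ "$#" -ge 4 ]; then
    gen_dnat_rules "$@" || exit 1
    gen_forward_rules "$1" "$4" "$(($4 + $3 - $2))" "${5:-}"
fi
```

Two caveats for a 10001-rule PREROUTING chain: the nat table is only consulted for the first packet of each connection, so the linear scan costs you per new connection rather than per packet, and you should persist the result with iptables-save rather than re-running the loop at boot. If the backend is the one listening (not this gateway), REDIRECT cannot be used at all, since it only rewrites the destination to the local machine.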
