On Wed, Apr 24, 2002 at 08:20:08PM -0400, Mailing List wrote:
> OK, that helped SOME, but how do I specify a bunch of ports to be
> forwarded?
>
> This does NOT work because '--dport' doesn't accept a range of ports,
> but this is what I tried:
>
> iptables -t nat -A PREROUTING -p tcp --dport 2090-2098 -i eth0 -j DNAT --to 192.168.1.77
Did you try "2090:2098"? Did you read "man iptables"?
--source-port [!] [port[:port]]
Source port or port range specification. This can
either be a service name or a port number. An
inclusive range can also be specified, using the
format port:port. If the first port is omitted,
"0" is assumed; if the last is omitted, "65535" is
assumed. If the second port is greater than the first,
they will be swapped. The flag --sport is an alias
for this option.
--destination-port [!] [port[:port]]
Destination port or port range specification. The
flag --dport is an alias for this option.
>
> It gave me the error: invalid TCP port/service `2090-2098' specified
>
>
> Also, is there a way to specify more than one IP after '--to' ?
> (like 192.168.1.77,192.168.1.177 for 192.168.1.77 and 192.168.1.177 only ?)
From "man iptables":
--to-destination <ipaddr>[-<ipaddr>][:port-port]
which can specify a single new destination IP
address, an inclusive range of IP addresses, and
optionally, a port range (which is only valid if
the rule also specifies -p tcp or -p udp). If no
port range is specified, then the destination port
will never be modified.
>
> I'm assuming that if I don't specify the ports after '-j DNAT --to' that it will use the same
> port as in '--dport', is this correct?
Yes.
>
> (i.e. If I specify '--dport 2090' and specify '-j DNAT --to 192.168.1.77', will it
> forward port 2090 on the gateway to port 2090 on 192.168.1.77?)
>
> Thanks for your help,
You're welcome.
RTFM
> GRE
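The rule set the thread arrives at, written out as an added example (this is not part of the original exchange and not the questioner's script). It assumes eth0 is the external interface and, so it can be run without root, prints the rules through IPTABLES="echo iptables" unless told otherwise. port_range turns the "2090-2098" form people tend to type into the "2090:2098" form iptables wants and rejects anything that is not an ascending, in-range pair; forward_rules emits the PREROUTING DNAT rule together with the FORWARD accept rule that a gateway with a DROP policy on FORWARD also needs.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: build the DNAT rule for a
# TCP port range plus the matching FORWARD rule. Assumptions: external
# interface eth0; rules are echoed rather than applied unless IPTABLES is set
# to a real iptables binary.

IPTABLES="${IPTABLES:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"

# port_range SPEC -> prints SPEC in the "first:last" form --dport expects.
# Accepts "2090:2098", "2090-2098" or a single port. Returns 1 for anything
# else (non-numeric, out of 1..65535, descending, or a missing endpoint;
# the omitted-endpoint defaults iptables allows are deliberately not accepted).
port_range() {
    spec=$(printf '%s' "$1" | tr '-' ':')
    first=${spec%%:*}
    last=${spec#*:}
    [ -n "$first" ] && [ -n "$last" ] || return 1
    case "$first$last" in *[!0-9]*) return 1 ;; esac
    [ "$first" -ge 1 ] && [ "$first" -le 65535 ] || return 1
    [ "$last" -ge 1 ] && [ "$last" -le 65535 ] || return 1
    [ "$first" -le "$last" ] || return 1
    if [ "$first" = "$last" ]; then
        printf '%s\n' "$first"
    else
        printf '%s:%s\n' "$first" "$last"
    fi
}

# dest_ok DEST -> 0 if DEST has the shape a.b.c.d or a.b.c.d-a.b.c.e, the two
# forms --to-destination accepts without a port. Shape check only.
dest_ok() {
    ip='[0-9]*.[0-9]*.[0-9]*.[0-9]*'
    case "$1" in
        *[!0-9.-]*) return 1 ;;
        $ip-$ip|$ip) return 0 ;;
        *) return 1 ;;
    esac
}

# forward_rules PORTSPEC DEST -> prints the two rules that forward PORTSPEC
# arriving on EXT_IF to DEST. No port is given after --to-destination, so the
# destination port is left exactly as it arrived (2090 stays 2090, and so on).
forward_rules() {
    ports=$(port_range "$1") || { echo "bad port spec: $1" >&2; return 1; }
    dest_ok "$2" || { echo "bad destination: $2" >&2; return 1; }
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$ports" \
        -j DNAT --to-destination "$2"
    # DNAT only rewrites the address; the packet still has to pass FORWARD.
    $IPTABLES -A FORWARD -i "$EXT_IF" -p tcp -d "${2%%-*}" --dport "$ports" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}
```

Run it as IPTABLES=iptables to apply the rules for real. Two things worth keeping in mind from the man page excerpt above: an address range after --to-destination is inclusive, so "192.168.1.77-192.168.1.177" spreads connections over all 101 addresses in between, not just the two endpoints; and two DNAT rules with identical matches do not split traffic, because the first match wins and the second is never reached. Forwarding to exactly two hosts therefore needs something that distinguishes the two rules (different port ranges, or a load-balancing match such as -m statistic on current iptables).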