Iptables forward port range to another port range on a different host

Alexandru Eftimie · May 14, 2014 · Viewed 9.5k times

I want to redirect incoming requests on a port range (30000 to 40000) to a different host on a different port range (10000-20000), mapping them 1 to 1 (30000 to 10000, 40000 to 20000, etc.). If the port range is the same, i.e.:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 10000:20000 -j DNAT --to [local_ip]:10000-20000

It works perfectly. But if the initial port range is different from the port range on the secondary host:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 30000:40000 -j DNAT --to [local_ip]:10000-20000

Then instead of mapping each port to its corresponding port, all incoming connections on ports 30000-40000 are instead mapped to the same (random, I think) port on the secondary host (at the moment they are all going to 13675).

I have also tried to use port redirection using

-j REDIRECT

I can't get that to work either.

How can I maintain the same behavior from the first example to work with different port ranges?

Answer

Alexandru Eftimie · Aug 3, 2014

After a lot of searching and asking around, apparently iptables can't handle that, not even if using pseudo interfaces.
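Since a single DNAT rule cannot shift a range by an offset, the usual approach is to emit one DNAT rule per port with the destination port computed from the offset. This is an added example, not from the question or the answer; the destination address 192.0.2.10 is a constructed placeholder, and the script assumes IP forwarding and a matching FORWARD accept rule are already configured. By default it only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Emit (or apply) one DNAT rule per port so that incoming TCP port N in
# SRC_START..SRC_END is forwarded to port N - SRC_START + DST_START on DST_IP.
# Usage: dnat_range_rules SRC_START SRC_END DST_IP DST_START [apply]
# Without the literal word "apply" the iptables commands are printed, not run.
dnat_range_rules() {
    src_start=$1; src_end=$2; dst_ip=$3; dst_start=$4; mode=${5:-print}

    # Sanity checks: ports in 1..65535 and a non-empty source range.
    [ "$src_start" -ge 1 ] && [ "$src_end" -le 65535 ] && [ "$src_start" -le "$src_end" ] \
        || { echo "invalid source range $src_start-$src_end" >&2; return 1; }
    [ "$dst_start" -ge 1 ] \
        || { echo "invalid destination start port $dst_start" >&2; return 1; }

    # The destination range has the same width as the source range; it must fit.
    dst_end=$((dst_start + src_end - src_start))
    [ "$dst_end" -le 65535 ] \
        || { echo "destination range $dst_start-$dst_end exceeds 65535" >&2; return 1; }

    port=$src_start
    while [ "$port" -le "$src_end" ]; do
        dst_port=$((port - src_start + dst_start))
        cmd="iptables -t nat -A PREROUTING -p tcp --dport $port -j DNAT --to-destination $dst_ip:$dst_port"
        if [ "$mode" = apply ]; then
            $cmd || return 1          # stop on the first failed rule
        else
            printf '%s\n' "$cmd"
        fi
        port=$((port + 1))
    done
}

# Example from the question, dry run: 30000-40000 -> 192.0.2.10:10000-20000
# (constructed destination address). Note this produces 10001 rules; for a
# range that wide, consider whether the mapping really needs to be 1:1.
dnat_range_rules 30000 40000 192.0.2.10 10000 | head -n 3
```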