1

I have following rules

iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20001:20100 -j DNAT --to-d 169.13.29.133:80
iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20101:20200 -j DNAT --to-d 169.13.29.134:80
iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20201:20300 -j DNAT --to-d 169.13.29.135:80
iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20301:20400 -j DNAT --to-d 169.13.29.136:80
iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20401:20500 -j DNAT --to-d 169.13.29.137:80
iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20501:20600 -j DNAT --to-d 169.13.29.138:80

Is there a way to write a single rule to NAT entire range of subnet(169.13.29.129/27) to 192.168.0.2 with port range 20001-21000?

I had tried with rule iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20501:20600 -j DNAT --to 169.13.29.129/27:80 but unable to access any port on 192.168.0.2.

Similarly I had used rule iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20501:20600 -j DNAT --to 169.13.29.133-169.13.29.138:80 and tried access 192.168.0.2:20001 and 192.168.0.2:20133, both load the same page.

Sudhashri S Hebbar
  • 11
  • 1

0 Answers0