From: Andrea Rossato
Subject: Re: Does IPTables have a 1:1 port-forwarding capability for a DNAT port-range ?
Date: Fri, 13 Dec 2002 13:02:56 +0100
To: netfilter@lists.netfilter.org
Message-ID: <3DF9CC70.3080603@istitutocolli.org>
In-Reply-To: <000601c2a23f$619ffef0$0100a8c0@zultys.com>

Ranjeet Shetye wrote:

> The reason for wanting a 1:1 rule is for X windows and other fat port
> ranges. Don't want hundreds of rules in there if one can do the job. Can
> IPTables do it ? If so how ? If not, I guess I'll have to get in touch
> with the developers for tips on a good starting point.

I believe that the only way is to hack nat code.
I will start looking in net/ipv4/netfilter/ip_nat_core.c and the function manip_pkt that, as far as I understand, is actually writing the NATed packet.

andrea