From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Fabrizio Regalli" <fabreg@gmail.com>
Subject: DNAT and SNAT
Date: Wed, 3 Sep 2008 16:02:50 +0200
Message-ID: <43d295de0809030702i1d42b404w36483608498a6fcc@mail.gmail.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <netfilter-owner@vger.kernel.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:mime-version:content-type:content-transfer-encoding
         :content-disposition;
        bh=+asdl8+MMlpVmmMpWq6cvVUOWKTsL5O9XYfqx1f3xrU=;
        b=Fu6Pe11nCFxAhXDoOHyxQc9snO6QplY/C7KUbEqt71vcfNJVCdaXy4JfSp++Fe6nSP
         y+fpRvA62N1C9Sc9J9A4ZINSqLbXNU33oAPUXPniTfoXOTnSJf9bSEWIdxKZ87oxP9Ge
         0/fU28O2mlc3aWGDLNBihqL3IjaYFfwWiHGy4=
Content-Disposition: inline
Sender: netfilter-owner@vger.kernel.org
List-ID: <netfilter.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"
To: netfilter@vger.kernel.org

Hi list.

I have a router "closed" and I can't using PAT but I need to forward
the ssh port to another external port (50002)
My router is 192.168.1.1
My server is 192.168.1.2
My client is 192.168.1.3
In other words I need to forward the ssh port of 192.168.1.3 to server ip:50002

For PREROUTING rule I suppose this is right:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 50002 -j DNAT
--to-destination 192.168.1.3:22

For POSTROUTING rule, I need an help. I'm trying in this way:

iptables -t nat -A POSTROUTING -p tcp -m tcp -d 192.168.1.2 --dport 22
-j SNAT --to-source 192.168.1.2:50002

But unfortunately it doesn't work.

Could please someone give me a suggest for POSTROUTING rule?

Thanks in advance.