On 10/04/2014 12:22 AM, Rufe Glick wrote:
> Hello,
> On the 'forwarder' machine with IP address 10.0.0.1 I set up port
> forwarding using firewalld from the 5001-5002/tcp range to ports 6001-6002
> of the 10.0.0.2 machine. Now when I connect to 10.0.0.1 from a third machine
> to ports 5001 or 5002, both connections go to port 6001 of the 10.0.0.2
> machine; no connection ever goes to port 6002. So what's the purpose of
> having a range if connections to all 'forward-from-ports' always go to the
> first port of the 'forward-to-ports' range? What am I missing?
No idea, sorry.
Your example creates the following rules:
*mangle
-A PRE_public_allow -p tcp -m tcp --dport 5001:5002 -j MARK --set-xmark 0x64/0xffffffff
*nat
-A PRE_public_allow -p tcp -m mark --mark 0x64 -j DNAT --to-destination 10.0.0.2:6001-6002
The description of DNAT's --to-destination in the iptables-extensions man page
does not explain how it should actually work.
I tried to find some answers via Google, but without any luck.
Thomas, any ideas?
--
Jiri
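Added example, not from this thread and not firewalld's or the kernel's code: a small Python model of how I understand the Linux NAT engine of that era (nf_nat_l4proto_unique_tuple) picks a port from a DNAT --to-destination range, run against constructed client traffic matching the question. The per-protocol "rover" start offset and the reply-tuple uniqueness check are assumptions taken from my reading of that code, not something the thread states.

```python
class DnatRangeModel:
    """Model of one DNAT rule whose --to-destination is ip:min-max.

    The range is a pool of candidate ports, not a 1:1 map from the matched
    --dport range; the kernel only moves past the first candidate when the
    would-be reply tuple already belongs to a tracked connection.
    """

    def __init__(self, to_ip, port_min, port_max):
        self.to_ip = to_ip
        self.port_min = port_min
        self.range_size = port_max - port_min + 1
        self.rover = 0        # assumption: static per-protocol rover, starts at 0
        self.used = set()     # reply tuples already owned by a conntrack entry

    def _in_range(self, dst_ip, dst_port):
        return dst_ip == self.to_ip and \
            self.port_min <= dst_port < self.port_min + self.range_size

    def new_connection(self, src_ip, src_port, dst_ip, dst_port):
        """Return (dst_ip, dst_port) the NAT engine assigns to a fresh flow."""
        # Keep the original destination if it already lies in the range and
        # its reply tuple is free (never true for 10.0.0.1:5001/5002 here).
        if self._in_range(dst_ip, dst_port) and \
                (dst_ip, dst_port, src_ip, src_port) not in self.used:
            self.used.add((dst_ip, dst_port, src_ip, src_port))
            return (dst_ip, dst_port)
        off = self.rover
        for i in range(1, self.range_size + 1):
            port = self.port_min + off % self.range_size
            reply = (self.to_ip, port, src_ip, src_port)
            # Skip a candidate only if its reply tuple collides; the last
            # candidate is accepted regardless, as in the kernel loop.
            if i != self.range_size and reply in self.used:
                off += 1
                continue
            self.rover = off
            self.used.add(reply)
            return (self.to_ip, port)


def simulate():
    fw = DnatRangeModel("10.0.0.2", 6001, 6002)
    results = []
    # Constructed traffic: a third machine (10.0.0.3) opens connections to
    # 5001 and 5002 on the forwarder, each from a fresh source port.
    for src_port, dst_port in [(40001, 5001), (40002, 5002), (40003, 5002)]:
        results.append(fw.new_connection("10.0.0.3", src_port, "10.0.0.1", dst_port))
    # Reusing a source port makes the 6001 reply tuple collide, so only now
    # does the selection fall through to 6002.
    results.append(fw.new_connection("10.0.0.3", 40001, "10.0.0.1", 5001))
    return results
```

Under this model every fresh connection lands on 6001 regardless of whether 5001 or 5002 was dialled, which is the behaviour the question reports; a deterministic per-port mapping needs one DNAT rule (one firewalld forward-port entry) per source port rather than a single range.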