I want to use iptables to set DNAT target. The multi-port virtual server is the purpose that I want to do. But I found that DNAT cannot map multi-port to destination multi-port. e.g.
iptables -t nat -A PREROUTING -p tcp --dport 1000:2000 -j DNAT --to-destination 192.168.1.100:3000-4000
I think this rule should be 1000 ------> 3000 1001 ------> 3001 ........................... 2000 ------> 4000
I tried to use whireshark to capture packets. No matter original packets are 1000, 1001, 2000 and so on, they seem translate to port 3000 only. That's wired the iptables only mapping many ports to one port.
Any advise ?
Thanks.
iptables-extensions' man page states that kernel 2.6.11-rc1 and newer don't support specifying multiple destination ports:
In Kernels up to 2.6.10 you can add several
--to-destinationoptions. For those kernels, if you specify more than one destination address, either via an address range or multiple--to-destinationoptions, a simple round-robin (one after another in cycle) load balancing takes place between these addresses. Later Kernels (>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges anymore.