IPTables and SNAT for just two ports

iptables nat

The key to iptables is the first match wins.

Assuming the client machine is 10.10.1.10 then you just have to look at these rules in order. If the first rule doesn't match it is going to pass down MASQ rule which it will match.

-A POSTROUTING -s 10.10.1.10 -p tcp --dport 80 -j SNAT --to-source 1.2.3.4:80
-A POSTROUTING -o eth0 -j MASQUERADE

If you were to add another rule before the final MASQUERADE rule should result in the NAT not happening. Since the packets from 10.10.1.10 will that are not destined to tcp/80 or tcp/443 will match the ACCEPT rule, meaning that they will not be translated by the SNAT/MASQ rules.

-A POSTROUTING -s 10.10.1.10 -p tcp --dport 80 -j SNAT --to-source 1.2.3.4:80
-A POSTROUTING -s 10.10.1.10 -p tcp --dport 443-j SNAT --to-source 1.2.3.4:443
-A POSTROUTING -s 10.10.1.10 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE

Related

Re-give users ownership of their mapped home folders via powershell
Farm Deployer not working in Tomcat Cluster
Old SSL Certificate Cached on IE
Dovecot IMAP authentication failed
Public SSH keys not working for all users on same server
How to remove orphaned Domain Controller's DNS records?
Fedora 14 Repository List
Sending mails with monit over Google Apps mailserver
Routing Internet traffic through computer on another subnet
SIOCSIFFLAGS: No such file or directory
How do I make sure sftp server is VSFTPD?
What is the difference between $\omega$ and $\mathbb{N}$?