DNAT port range with different internal port range with Iptables

linux iptables nat linux-networking

To answer your question, yes.

I ran a sample rule on my Debian box...

iptables -t nat -A PREROUTING -i xenbr0 -p tcp --dport 64000:65000 -j DNAT --to 172.16.10.10:61000-62000

... which produced no output, indicating success. I'm running kernel 3.16.0-4-amd64.

Checking the NAT rule via iptables -t nat -vnL PREROUTING, I see the rule is listed...

DNAT       tcp  --  xenbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpts:64000:65000 to:172.16.10.10:61000-62000

MadHatter is correct, you do not need -m multiport for port ranges, only for comma-separated lists of ports. The : is needed in order to specify port ranges for the --dport option, but a - is needed in order to specify port ranges in the DNAT target.

How well this rule will work in practice I cannot say, but theoretically it should accomplish your goal.

More information on DNAT target can be found here.

Hope this helps.

Related

Cannot enable network discovery on Windows Server 2008 R2
How to achieve per-packet multipath routing on Linux?
How to block attachments on incoming mails only using Postfix?
Does the DisablePagingExecutive registry change have any actual effect?
OpenVPN bypass on some ports
Block specific Windows update hotfix
why no examples of horizontally scalable software load balancers balancing ssl?
What are some best practices when taking over IT at a new company? [closed]
How to obtain Cisco IOS firmware?
How to determine which file/inode occupies a given sector
Internet Explorer isn't auto-discovering http://wpad/wpad.dat auto-config
nginx error_log reports “bind() to 0.0.0.0:80 failed (48: Address already in use)”