How does one do that with iptables?/Kiel oni faras tion kun iptables?/Com es fa això amb iptables?

Created by Melanie Bjornsdottir, Tuesday 16 December 2025

Forward a range of ports/Plusendi gamon da pordoj/Redirigir sèrie de portes

source: Luxing Huang rephrased
> Machine A is 10.0.0.1, machine B is 10.0.0.2. One wants to forward ports 1025-50000 to machine B, one executes the following on machine A.
> Maŝino A estas 10.0.0.1, ϗ maŝino B estas 10.0.0.2. Oni volas plusendi pordojn 1025 ĝ. 50000 al maŝino B, do oni plenumas jenon ĉe maŝino A.
> Màquina A és 10.0.0.1, i màquina B és 10.0.0.2. Qui vol redirigir portes 1025 fins 50000 a màquina B executa el següent a màquina A.
> iptables -A INPUT -p tcp -m multiport --dports 1025:50000 -j ACCEPT
> iptables -t nat -I PREROUTING -p tcp -m tcp --dport 1025:50000 -j DNAT --to-destination 10.0.0.2:1025-50000
> iptables -A FORWARD -d 10.0.0.1/32 -i eth0 -p tcp -m tcp --dport 1025:50000 -j ACCEPT

Esence la saman metodon, sen multiport, proponas Lorenz kaj maff ĉi tie (ServerFault).
Essencialment el mateix mètode, sense multiport, el proponen el Lorenz i el maff al dit enllaç a ServerFault.
Essentially the same method is proposed by Lorenz and maff at the said link to ServerFault.

1:1 NAT/Traduki retadresojn 1:1/Traduir adreces de xarxa 1:1

https://www.cryptologie.net/posts/nat-with-iptables-super-fast-tutorial/
> "Static" agordo
> I have a server with:
> eth0 connected to the network
> eth1 connected to internet
> Let’s modify the PREROUTING part. Traffic coming from internet on our public address (@pub) and trying to reach our machine:
> iptables -t nat -A PREROUTING -d [publika adreso] -i eth0 -j DNAT --to-destination [privata adreso]
> iptables -t nat -A POSTROUTING -s [privata adreso/gamo dae] -o eth1 -j SNAT --to-source [publika adreso]
> "Dynamic" agordo
> Same kind of configuration but now we have several private addresses and only one public address.
> iptables -t nat -A POSTROUTING -s [privata adreso]/mask -j MASQUERADE
>