netfilter can we snat port numbers like ip address

Hi all,

will the rule work?

iptables -t nat -A POSTROUTING -i eth1 -p udp --dport 1024 -j
MASQUERADE --to-port 1024

can i instruct iptables to nat all ougoing packets arriving on a
praticular port to go only out of router on this port only
(when i receive udp pkt on port no 1024 from eth0 should snat and go
out from eth1 interface on port 1024 only)

can any one help

Hello,

muruga a écrit :
>
> will the rule work?
>
> iptables -t nat -A POSTROUTING -i eth1 -p udp --dport 1024 -j
> MASQUERADE --to-port 1024

No. You cannot use -i (input interface) in the POSTROUTING chain. Did
you mean -o (output interface) ?

> can i instruct iptables to nat all ougoing packets arriving on a
> praticular port to go only out of router on this port only
> (when i receive udp pkt on port no 1024 from eth0 should snat and go
> out from eth1 interface on port 1024 only)

I am not sure I understand what you want exactly. Please clarify when
you mean source or destination port. This rule masquerades the original
source IP address and replaces the original source port with 1024. Is
this what you want ? Be aware that in case of multiple connections it
may cause packets to be dropped because of connection tracking "collisions".

If you want to mangle the source port only and not the source IP
address, use the SNAT target instead :

iptables -t nat -A POSTROUTING -i eth1 -p udp --dport 1024 \
-j SNAT --to-source :1024

Hi,
sorry i need this
iptables -t nat -A POSTROUTING -o eth1 -p udp --dport 1024 -j
MASQUERADE --to-port l024

what i want is any udp packet received on 1024 port should go out or
the router on 1024 port(the router to sent out from 1024 on wan
interface eth1)