Hi all,

Is it possible to create a static NAT rule that matches on source IP or source port, like the iptables command below?

    iptables -t nat -D PREROUTING -p tcp -s X.X.X.X -d Y.Y.Y.Y --dport 8080 -j DNAT --to-destination Z.Z.Z.Z:5566

For security reasons, we want to allow only X.X.X.X to access port 8080. But we still need to re-use port 8080 in ED mode.

1. Create rule A for port 8080, mapping to Z.Z.Z.Z:5566, and establish a connection.
2. After it is established, delete rule A; the connection needs to be kept.
3. Only allow X.X.X.X to access rule A.
4. Create rule B for port 8080, mapping to W.W.W.W:1234, and establish a connection.
5. After it is established, delete rule B; the two connections need to be kept.

Thanks a lot.

Regards,
Date

View/Reply Online (#17542): https://lists.fd.io/g/vpp-dev/message/17542