Question

I want to redirect incoming requests on a port range (30000 to 40000) to a different host on a different port range (10000-20000), mapping them 1 to 1 (30000 to 10000, 40000 to 20000, etc.). If the port range is the same, i.e.:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 10000:20000 -j DNAT --to [local_ip]:10000-20000

It works perfectly. But if the initial port range is different from the port range on the secondary host:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 30000:40000 -j DNAT --to [local_ip]:10000-20000

Then instead of mapping each port to its corresponding port, all incoming connections on ports 30000-40000 are instead mapped to the same (random, I think) port on the secondary host (at the moment they are all going to 13675).

I have also tried to use port redirection using

-j REDIRECT

I can't get that to work either.

How can I maintain the same behavior from the first example with different port ranges?


Solution

After a lot of searching and asking around, apparently iptables can't handle that, not even if using pseudo interfaces.

OTHER TIPS

I'd try using xinetd to accept incoming connections on your desired port range, and have it automatically instantiate something like netcat (nc) for each tunnel that's actively in use.

Maybe this link might help, it's similar: https://blog.linuxnet.ch/automatic-tunnels-with-xinetd-and-netcat/ or Executing script on receiving incoming connection with xinetd
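The xinetd approach above needs one listener per port, so the 1:1 mapping the question asks for (30000 -> 10000, ..., 40000 -> 20000) has to be computed when the service files are generated rather than by a NAT rule. The script below is an added example, not code from the answer or from the linked blog post: it computes the mapped port with a fixed offset and writes one xinetd service stanza per source port. It assumes a target host address in TARGET_HOST (192.0.2.10, a documentation address, is a placeholder), an output directory OUT_DIR (normally /etc/xinetd.d), and uses xinetd's built-in `redirect` attribute to do the TCP forwarding instead of spawning nc per connection; the netcat variant in the answer is the same stanza with `server = /bin/nc` and `server_args = host port` in place of `redirect`.

```shell
#!/bin/sh
# Added example: generate xinetd services mapping ports 30000-40000 one-to-one
# onto TARGET_HOST ports 10000-20000. Assumptions: TARGET_HOST, OUT_DIR and
# ALLOW_FROM are placeholders to be set for the real deployment.
TARGET_HOST="${TARGET_HOST:-192.0.2.10}"   # assumed placeholder (RFC 5737 address)
OUT_DIR="${OUT_DIR:-/etc/xinetd.d}"
ALLOW_FROM="${ALLOW_FROM:-0.0.0.0}"         # 0.0.0.0 = any address in xinetd; restrict this
SRC_LO=30000
SRC_HI=40000
DST_LO=10000

# map_port SRC: print the destination port for SRC (same offset for every port),
# fail if SRC lies outside the forwarded range.
map_port() {
    p="$1"
    if [ "$p" -lt "$SRC_LO" ] || [ "$p" -gt "$SRC_HI" ]; then
        return 1
    fi
    echo $((p - SRC_LO + DST_LO))
}

# xinetd_service SRC: print one xinetd service stanza listening on SRC and
# forwarding to TARGET_HOST:map_port(SRC). UNLISTED because the names are not in
# /etc/services; user/per_source/cps limit what a flood of connections can do.
xinetd_service() {
    src="$1"
    dst=$(map_port "$src") || return 1
    cat <<EOF
service fwd-$src
{
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    port        = $src
    wait        = no
    user        = nobody
    redirect    = $TARGET_HOST $dst
    only_from   = $ALLOW_FROM
    per_source  = 20
    cps         = 50 10
    disable     = no
}
EOF
}

# write_all DIR: write every stanza into DIR, print the number of files written.
write_all() {
    dir="$1"
    n=0
    mkdir -p "$dir"
    p=$SRC_LO
    while [ "$p" -le "$SRC_HI" ]; do
        xinetd_service "$p" > "$dir/fwd-$p" || return 1
        n=$((n + 1))
        p=$((p + 1))
    done
    echo "$n"
}

# Usage: ./gen-fwd.sh install   (then reload xinetd, e.g. service xinetd reload)
if [ "${1:-}" = "install" ]; then
    write_all "$OUT_DIR"
fi
```

Note that this produces 10001 listening sockets in one xinetd process, and each forwarded connection becomes a separate xinetd child holding two TCP sockets; that is workable for a sparse port range but is far more expensive than kernel NAT, so set `per_source`, `cps` and `only_from` to match the expected clients rather than leaving them wide open.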

Licensed under: CC-BY-SA with attribution