You'll probably want to use the NETMAP target which allows you to map a whole network of addresses onto another network of addresses (via the nat table only).
Technical explanation: "The resulting address will be constructed in the following way: All 'one' bits in the mask are filled in from the new `address'. All bits that are zero in the mask are filled in from the original address."
I've never used it, but I assume (one of) the rules would look something like this:
Code:
iptables -t nat -A PREROUTING -d 151.xxx.xxx.124 -j NETMAP --to 192.168.7.0/24
Note that the -d should really be a network and not an IP address, so I'm not sure if this will work verbatim, though it seems to work properly:
Code:
root@gateway:~# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 34545 packets, 11M bytes)
pkts bytes target prot opt in out source destination
0 0 NETMAP all -- any any anywhere 151.1.3.124 192.168.7.0/24
I'd also try adding a -d --match iprange 151.xxx.xxx.124-151.xxx.xxx.126 to try to compress it into a single rule.
The neat thing about the NETMAP target is that, IIRC, it doesn't mangle packets, so the host address (151.xxx.xxx.124) should remain intact.
Note: This may be a module or patch that's not commonly available (I compiled nearly every netfilter package into my kernel since it's a gateway...)
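To make the quoted "one bits from the new address, zero bits from the original" rule concrete, here is an added worked example (not part of the post above, and not netfilter code) that reproduces the NETMAP address computation in Python. It assumes the 151.1.3.124 destination shown in the posted `iptables -L` output and the 192.168.7.0/24 target, and also shows the two things a practitioner usually wants to check before deploying such a rule: that the mapping round-trips (NETMAP is a pure bit substitution, so the reverse rule with the original block as `--to` undoes it), and that it stays one-to-one, which it only does when every original address the rule matches differs solely in the host bits of the `--to` prefix. Note that the `-d 151.x.x.124` in the posted rule is a /32 match, so only that single destination ever reaches the target; the range idea in the post would be expressed with `-m iprange --dst-range`, which feeds every address in the range through the same bit substitution.

```python
import ipaddress
from typing import Dict, List, Tuple

IPV4_BITS = 0xFFFFFFFF


def netmap_address(original: str, to: str) -> str:
    """Apply the NETMAP rule to one IPv4 address.

    Bits that are set in the netmask of `to` are taken from `to`'s network
    address; bits that are clear in the netmask are kept from `original`.
    This is the rule quoted from the iptables man page, nothing more.
    """
    net = ipaddress.ip_network(to, strict=False)
    mask = int(net.netmask)
    new_bits = int(net.network_address) & mask
    kept_bits = int(ipaddress.ip_address(original)) & (~mask & IPV4_BITS)
    return str(ipaddress.ip_address(new_bits | kept_bits))


def netmap_range(first: str, last: str, to: str) -> List[Tuple[str, str]]:
    """Map every address in an inclusive range, as an iprange match would feed
    into NETMAP, and return (original, mapped) pairs."""
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    pairs = []
    for i in range(lo, hi + 1):
        orig = str(ipaddress.ip_address(i))
        pairs.append((orig, netmap_address(orig, to)))
    return pairs


def round_trips(original: str, to: str, back: str) -> bool:
    """Check that mapping into `to` and back into `back` (the original block,
    same prefix length as `to`) returns the original address unchanged."""
    return netmap_address(netmap_address(original, to), back) == original


def collisions(originals: List[str], to: str) -> Dict[str, List[str]]:
    """Return mapped addresses that more than one original lands on.

    A non-empty result means the rule is not one-to-one: the originals differ
    in bits that the `to` mask overwrites, so replies cannot be un-NATed
    unambiguously."""
    seen: Dict[str, List[str]] = {}
    for orig in originals:
        seen.setdefault(netmap_address(orig, to), []).append(orig)
    return {mapped: origs for mapped, origs in seen.items() if len(origs) > 1}


if __name__ == "__main__":
    # The posted rule: destination 151.1.3.124 mapped with --to 192.168.7.0/24.
    print(netmap_address("151.1.3.124", "192.168.7.0/24"))
    # The range the post wants to fold into one rule (constructed sample).
    for orig, mapped in netmap_range("151.1.3.124", "151.1.3.126", "192.168.7.0/24"):
        print(orig, "->", mapped)
    # Two destinations that differ outside the /24 host bits collide.
    print(collisions(["151.1.3.124", "151.1.4.124"], "192.168.7.0/24"))
```

Running it shows the posted rule turning 151.1.3.124 into 192.168.7.124 (only the low 8 bits survive the /24 mask), the three-address range mapping to .124, .125 and .126 in order, and a collision report for two originals that agree in the last octet but not the third, which is the case where a wider `-d` match combined with a /24 `--to` silently merges hosts.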