Can I have multiple DNAT rules targeting the same destination port but going to different destinations based on the source port of the connection?
To be more specific, I want to DNAT destination port 53 from the WAN into the DNS server on the LAN, unless the source port of the packet is 12345. In that case I want the packet to go to port 987 on the router itself where a service is listening.
If it makes it any easier, the service on the router can listen directly on port 53 so it's not really even a DNAT, just a WAN-input rule, but again, only if the source port on the connection is 12345, otherwise it should be DNATted to a specific host on the LAN on port 53.
