nft add rule nat ip saddr {10.0.0.0/8, 192.168.0.0/16} tcp dport {http, https} dnat 1.2.3.4
iptables -t nat -A PREROUTING -m tcp -p tcp -s 10.0.0.0/8 --match multiport --dports 80,443 -j DNAT --to 1.2.3.4 iptables -t nat -A PREROUTING -m tcp -p tcp -s 192.168.0.0/16 --match multiport --dports 80,443 -j DNAT --to 1.2.3.4
