Fulvio,thanks for your answer. But my situation is:
Our company have internal network 192.168.0.0/24 and 1 Externat internet IP. Let it be $E. Three managers of the company wants to work at home with their remote workstations via Microsoft RDP (port 3389). Their home IP’s are $A,$B,$C. So, I need the next schematic:
$A=>$E=>192.168.0.100:3389
$B=>$E=>192.168.0.101:3389
$C=>$E=>192.168.0.102:3389
Other incoming conections to company’s gateway ($E) must be dropped.
This schema is impossible to release with your algorithm because every packet, coming to external interface will have $E destination adress.