Re: redirection

I didn't catch the fact that you need the source address. Are you tracking
this for a reason? You can probably have iptables log the source address.
This does in fact work, been using it for about 6 months now. Let me post
my exact rules (IPs are obfuscated)

iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp --dport 80 \
  -d 192.168.1.7 -j DNAT --to 192.168.1.7

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -d 192.168.1.7 \
  -j DNAT --to 192.168.1.11:80
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.1.7


Regards
Eric






-- 
Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc

> On Tuesday 08 April 2003 08:44 pm, Eric Joe wrote:
>
>> Do this
>>
>>
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -d x.y.z.1 \
>>   -j DNAT --to x.y.z.2:80
>>
>> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to x.y.z.1
>
> Am I wrong, or do I lose the original connection source address?
>
> If I check the log in x.y.z.2, I see connections from x.y.z.1.
> I really need to preserve the source address.
> Thank you very much
> xchris
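
Added example (not part of the original thread, and not either poster's code): one way to act on the suggestion above to have iptables log the source address, since the SNAT rule makes the backend see only the gateway. The log prefix WEB-REDIRECT, the hostname gw and the sample kernel log lines are constructed assumptions; the LOG rule needs root, so it is shown as a comment and only the log parsing runs.

```shell
#!/bin/sh
# Added example. Insert a LOG rule ahead of the DNAT rule on the gateway
# (requires root, so it is shown here rather than executed):
#
#   iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 80 -d 192.168.1.7 \
#            -j LOG --log-prefix "WEB-REDIRECT: "
#
# Only the first packet of a new connection traverses the nat table, so this
# writes one kernel log line per connection, before the addresses are rewritten.

# Constructed sample of kernel log lines (prefix and hostname are assumptions).
sample_log() {
cat <<'EOF'
Apr  9 10:15:01 gw kernel: WEB-REDIRECT: IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.1.7 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=80 SYN URGP=0
Apr  9 10:15:02 gw kernel: OTHER-RULE: IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.7 LEN=60 TTL=50 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
Apr  9 10:15:07 gw kernel: WEB-REDIRECT: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.7 LEN=60 TTL=49 PROTO=TCP SPT=33514 DPT=80 SYN URGP=0
EOF
}

# original_sources: read syslog lines on stdin and print, for each redirected
# connection, "month day time original-source source-port". Lines written by
# other rules (different prefix) are ignored.
original_sources() {
  awk -v prefix="WEB-REDIRECT:" '
    index($0, prefix) {
      src = ""; spt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^SPT=/) spt = substr($i, 5)
      }
      if (src != "") print $1, $2, $3, src, spt
    }'
}

# Stand-alone run: show the original client addresses from the sample.
sample_log | original_sources
```

On a live gateway, feed it the kernel log instead of the sample; the timestamps can then be matched against the web server's access log, which records only the gateway address.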




