try one thing - flush all rules and add the rule iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination x.y.z.2:80 I have a feeling that you are doing something in the POSTROUTING chain which is why you are not getting the right result. Or maybe you have a rule to drop the packet defined? dhiraj -----Original Message----- From: xchris [mailto:lyra@xxxxxxxxxxxxx] Sent: 09 April 2003 09:14 To: Bhuyan,D,Dhiraj,XVR3A C; netfilter@xxxxxxxxxxxxxxxxxxx Subject: Re: redirection On Wednesday 09 April 2003 10:40 am, you wrote: > You do infact need DNAT and not SNAT > > iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT > --to-destination x.y.z.2:80 > > this should work. I tried but all connections go in timeout. I first flushed every chain,set default policy everywhere,and then added DNAT rule... no result... The strange thing is : if i DNAT on another interface everything is ok. if i DNAT through the incoming connection interface... it fails. strange... I think i miss something.. Thank you Chris
