Note one thing - when the client tries to connect to port 80 of x.y.z.1, the firewall in x.y.z.1 redirects the traffic to x.y.z.2:80 so the client will be receiving packets from x.y.z.2:80 - which is not what it is expecting. It is waiting for packets from x.y.z.1:80 - so it will no doubt time out. You should be able to see the packets coming from x.y.z.2:80 by running a sniffer on the client machine.

I think Eric Joe did in fact give the right solution - that x.y.z.1 will be working as a proxy between the client and x.y.z.2 - although you can question if you are achieving your "loadbalancing" by this.

dhiraj

-----Original Message-----
From: xchris [mailto:lyra@xxxxxxxxxxxxx]
Sent: 08 April 2003 23:17
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: redirection

----- Original Message -----
From: "Eric Joe" <sysop@xxxxxxxx>

> I didn't catch the fact that you need the source address. Are you tracking
> this for a reason? You can probably have iptables log the source address.
> This does in fact work, been using it for about 6 months now. Let me post
> my exact rules (IPs are obfuscated)

I need it because I'm trying to do a simple load balancing between 2 local servers running opennap. (and opennap needs to know the IP address otherwise downloads don't start)

thank you
xchris
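The reply path described at the top of this thread, as an added example that is not part of the original messages: a small Python model of the redirect, not netfilter code. The client address `x.y.z.50`, source port 40000, and the use of source rewriting to stand in for the "proxy" behaviour are assumptions, as is the backend answering the client directly on the shared segment.

```python
from dataclasses import dataclass, replace

FIREWALL, BACKEND = "x.y.z.1", "x.y.z.2"   # addresses used in the thread
CLIENT = "x.y.z.50"                        # constructed client address

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    def __init__(self, rewrite_source):
        self.rewrite_source = rewrite_source
        self.conntrack = {}  # expected reply tuple -> original client packet

    def forward(self, pkt):
        out = replace(pkt, dst=BACKEND)        # destination redirect
        if self.rewrite_source:                # firewall acts as the proxy
            out = replace(out, src=FIREWALL)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        # Undo the translation for a reply that came back through us.
        orig = self.conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def backend_reply(pkt):
    # The backend answers whatever source address it saw.
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def client_accepts(sent, received):
    # A TCP client only matches replies from the exact peer it contacted.
    return (received.src, received.sport, received.dst, received.dport) == \
           (sent.dst, sent.dport, sent.src, sent.sport)

def simulate(rewrite_source):
    fw = Firewall(rewrite_source)
    syn = Packet(CLIENT, 40000, FIREWALL, 80)
    at_backend = fw.forward(syn)
    reply = backend_reply(at_backend)
    if reply.dst == FIREWALL:   # only then does the reply pass the firewall
        reply = fw.reverse(reply)
    return {"backend_sees": at_backend.src,
            "reply_from": reply.src,
            "accepted": client_accepts(syn, reply)}

if __name__ == "__main__":
    print("redirect only:", simulate(False))
    print("with source rewrite:", simulate(True))
```

With the redirect alone the backend sees the real client address but the reply is not accepted; with source rewriting the connection completes but the backend only sees the firewall's address, which is the trade-off raised in the thread.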