Yes, almost anything is possible. >For instance, there are 3 web servers on the lan say 10.1.1.1 - 10.1.1.3 and >I want all port 80/443 that comes to the netfilter machine on the >inet_address 1.2.3.4 to go to lan_address 10.1.1.1 iptables -A PREROUTING -i $EXTDEV -d 1.2.3.4 -p tcp --dport 80 -j DNAT 10.1.1.1 # If I understand what you said is that "on the inet_address" meanin the -d destintion address..?? >and all port 80/443 from inet_address 4.3.2.1 to forward to 10.1.1.2 etc. Is this possible? iptables -A PREROUTING -i $EXTDEV -s 4.3.2.1 -p tcp --dport 443 -j DNAT 10.1.1.1 # Also you said "from inet_address".. >If so, how about a point in the right direction. So what your doing is making everybody browse 10.1.1.1 but yourself coming from a different source IP outside to view a different webserver?? right?? Thanks, ____________________________________________ George Vieira Systems Manager georgev@xxxxxxxxxxxxxxxxxxxxxx Citadel Computer Systems Pty Ltd http://www.citadelcomputer.com.au Phone : +61 2 9955 2644 HelpDesk: +61 2 9955 2698 -----Original Message----- From: Brei, Matt [mailto:mbrei@xxxxxxxxxxxxxxx] Sent: Thursday, May 22, 2003 9:02 AM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Multiple IP addresses Greetings, I'm using netfilter to nat/firewall my cable connection to my lan. I currently have 5 static IP addresses and would like to know if it is possible to alias all 5 addresses on the inet_iface and then forward to different machines on the lan_iface based on destination IP. For instance, there are 3 web servers on the lan say 10.1.1.1 - 10.1.1.3 and I want all port 80/443 that comes to the netfilter machine on the inet_address 1.2.3.4 to go to lan_address 10.1.1.1 and all port 80/443 from inet_address 4.3.2.1 to forward to 10.1.1.2 etc. Is this possible? If so, how about a point in the right direction. TIA Matt
