I need some help here. I have a single IP from my internet provider. Any additional IPs are at $5/mo for each address. So to save money I'm trying to use Iptables' string match module from the patch-o-matic to match against domain names in the packet. However, it doesn't seem to be working. Here's an example. In the PREROUTING chain:

    iptables -A PREROUTING -m string --string 'mydomain1.org' -m tcp -p tcp --dport 23 -j DNAT --to-destination 192.168.0.10:8023

So if I try and telnet (port 23) to mydomain1.com, it should be redirected to 192.168.0.10, port 8023, right? No go. I get dropped into the local machine's telnet daemon. The rule didn't match. Why?

Here's how the entry is listed in my /etc/hosts:

    12.210.176.53 mydomain1 mydomain1.org
    12.210.176.53 mydomain2 mydomain2.org

Is something wrong here? Is there a better way to forward traffic based on the domain name in the packet?

Thanks!

--- Dan
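An added example, not part of the original post, modelling what a payload string match can see on the connection described above: the client resolves the name to an IP address before connecting, the opening SYN (the only packet of a connection that the nat table's PREROUTING chain evaluates) carries no payload, and telnet never sends the hostname. The packets are constructed samples, the byte search is a simplified stand-in for the string match, and the function names are hypothetical.

```python
import struct

PATTERN = b"mydomain1.org"      # the string from the rule in the post
SYN, PSH_ACK = 0x02, 0x18       # TCP flag bits

def tcp_segment(sport, dport, flags, payload=b""):
    """Build a minimal TCP segment: 20-byte header, no options.
    Sequence number, window and checksum are constructed placeholder values."""
    offset_flags = (5 << 12) | flags   # data offset of 5 words plus the flags
    header = struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                         offset_flags, 65535, 0, 0)
    return header + payload

def string_match(segment, pattern=PATTERN):
    """Simplified model of a payload string match: a byte search over the packet."""
    return pattern in segment

def dnat_decision(first_packet):
    """The nat table is consulted only for the first packet of a connection,
    so the DNAT decision depends on that packet alone."""
    return "DNAT" if string_match(first_packet) else "local delivery"

# Constructed samples.
# Opening SYN of 'telnet mydomain1.org': header only, no payload.
telnet_syn = tcp_segment(40000, 23, SYN)
# Early telnet data: option negotiation (IAC WILL TERMINAL-TYPE, IAC WILL NAWS).
telnet_data = tcp_segment(40000, 23, PSH_ACK, bytes([255, 251, 24, 255, 251, 31]))
# For contrast, HTTP/1.1 does carry the name, but only in a later data packet.
http_data = tcp_segment(40001, 80, PSH_ACK,
                        b"GET / HTTP/1.1\r\nHost: mydomain1.org\r\n\r\n")

if __name__ == "__main__":
    for name, seg in [("telnet SYN", telnet_syn),
                      ("telnet data", telnet_data),
                      ("HTTP data", http_data)]:
        print(f"{name:12} len={len(seg):3} string match: {string_match(seg)}")
    print("decision on telnet SYN:", dnat_decision(telnet_syn))
```

Because the name appears in neither the SYN nor the telnet data, the rule falls through and the connection is delivered to the local telnet daemon, which is the behaviour reported in the post.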