On Fri, Oct 31, 2003 at 12:30:10PM -0700, Han, Yan wrote: > Are you saying the FORWARD chain should ACCEPT? > All forward is accepted. I'm sorry. I had not read your first message. So you say you want to reroute the traffic instead of 150.135.44.245 to 150.135.44.96. Is 150.135.44.96 behind 150.135.44.245 with respect to the client? if not you need to apply an SNAT so that the return traffic gets back to the router in order to apply the de-DNATting. Client --> 150.135.44.245 DNAT takes place and it becomes Client --> 150.135.44.96 the server replies back to the client directly 150.135.44.96 --> Client the clients TCP stack drops the packets as it has no reference to such a socket between 150.135.44.96 and Client. But if 150.135.44.96 is behind 150.135.44.245 with respect to the client and your forwarding is on and the FORWARD policy is ACCEPT, then I don't know. Ramin
