On Mon, 2003-11-10 at 07:01, Lohan Spies wrote: > Anthony, > > I tried this but it is not working! I'm not so sure you can actually get this to work. > It is TCP > > I want to map (internal) 10.10.10.41 port 15000 to (external) > 196.2.147.208 port 80. > And then if anything from ip 196.2.147.208 port 80 comes back it must be > forwarded to 10.10.10.41 port 15000. This second half of the equation is the problem. The traffic come in from the Internet to your internal IP. You then rewrite the destination IP to go back to some other host on the Internet. The host on the Internet then replies with a SYN/ACK to the source IP address, which is the original host on the Internet. Now, unless your internal network lies in the direct path of these two external system, the SYN/ACK is going to be sent directly to this original external host. So this host is going to see a SYN/ACK packet from some host it never sent a SYN packet to. This of course means the SYN/ACK will be discarded with a RST. Would it not be easier to simply change DNS to point to the external host? HTH, C
