Hi, This is almost off topic, but... When you finally have the ruleset working, you will still tear your hair of when you try to look at the web site in a MicroWhatever Internet Explorer - especially when the "The page cannot be displayed" message hits your face. Why? Because IE cannot resolve your address if your server is listening on another port than 80, so every time someone tries to connect to your site by typing www.your.domain:8080 without "http://" in the beginning, they will get the error message. Actually, the error appers even if someone types your.domain:80 without http but it almost never happens. Funny, isn't it? And yes, I have a uge chunk of hair ripped of just above my ears. ;-) Regards, S-Å -----Original Message----- From: Antony Stone To: Netfilter Sent: 2004-02-18 15:19 Subject: Re: Instructions on how to redirect port 80 to port 8080 On Wednesday 18 February 2004 2:06 pm, Martinez, Michael wrote: > --> iptables -A PREROUTING -t nat -d a.b.c.d -p tcp --dport 80 > --> -j REDIRECT --to 8080 > > This isn't working. I can "telnet `hostname` 8080" and get an http > response, but when I do "telnet `hostname` 80" the response I get is > "telnet: Unable to connect to remote host: Connection refused." Given the ruleset you've posted, I don't see how a telnet to 8080 can work, since you have no INPUT rule allowing packets to that port... Please flush the counters on your rules using "iptables -Z; iptables -Z -t nat", connect to port 8080, and then tell us the output of "iptables -L -nvx; iptables -L -t nat -nvx".