On Thursday 13 May 2004 6:52 pm, Paul F. Bernal B. - EasyTeck wrote:

> Hi!,
>
> I got an internal 192.168.0.0/24 LAN with about 5 web servers including
> the one which has iptables running and internet output ...

You're running your firewall and a web server on the same machine? Ugh...

> What I need to do is:
>
> When someone in the Internet asks for http://sub1.mydomain.com/ responds
> the 192.168.0.3 machine (which has a web server running port 80)
>
> When someone in the Internet asks for http://sub2.mydomain.com/ responds
> the 192.168.0.4 machine (which has a web server running port 80)

If DNS resolves sub1.mydomain.com and sub2.mydomain.com as two different IP addresses, then simple DNAT rules will work here.

If sub1.mydomain.com and sub2.mydomain.com resolve to the same IP address, then you cannot do what you want with netfilter (because it works with IP addresses and port numbers, not hostnames and domains).

The solution in that case would be Squid or Apache as acceleration proxy servers.

Regards,

Antony.

-- 
People who use Microsoft software should be certified.

Please reply to the list; please don't CC me.
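The distinction drawn in the reply above, as an added example that is not part of the original post: a DNAT-style lookup keyed on destination IP and port returns the same backend for both sites, while a lookup keyed on the HTTP Host header (what a reverse proxy does) tells them apart and refuses unknown or ambiguous hosts. The public address 203.0.113.10, the function names and the sample requests are constructed for illustration.

```python
from typing import Optional

PUBLIC_IP = "203.0.113.10"  # constructed: the one address both names resolve to

# All a packet filter can key on: destination IP and port.
DNAT_TABLE = {(PUBLIC_IP, 80): "192.168.0.3"}

# What a reverse proxy can key on: the Host header inside the HTTP request.
VHOSTS = {
    "sub1.mydomain.com": "192.168.0.3",
    "sub2.mydomain.com": "192.168.0.4",
}

# Constructed sample requests, both arriving at PUBLIC_IP:80.
REQ_SUB1 = b"GET / HTTP/1.1\r\nHost: sub1.mydomain.com\r\n\r\n"
REQ_SUB2 = b"GET / HTTP/1.1\r\nHost: sub2.mydomain.com:80\r\n\r\n"


def dnat_backend(dst_ip: str, dst_port: int) -> Optional[str]:
    """Backend chosen from packet headers only (no view of the hostname)."""
    return DNAT_TABLE.get((dst_ip, dst_port))


def host_header(request: bytes) -> Optional[str]:
    """Return the normalised Host value, or None if missing or duplicated."""
    head = request.split(b"\r\n\r\n", 1)[0]
    hosts = [
        line.split(b":", 1)[1].strip()
        for line in head.split(b"\r\n")[1:]  # skip the request line
        if line.lower().startswith(b"host:")
    ]
    if len(hosts) != 1:
        return None  # ambiguous requests are refused, not guessed at
    host = hosts[0].decode("ascii", "replace").lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]  # drop an optional :port suffix
    return host.rstrip(".")


def proxy_backend(request: bytes) -> Optional[str]:
    """Backend chosen by hostname; unknown hosts get no backend at all."""
    host = host_header(request)
    return VHOSTS.get(host) if host else None


if __name__ == "__main__":
    for req in (REQ_SUB1, REQ_SUB2):
        print(dnat_backend(PUBLIC_IP, 80), proxy_backend(req))
```

Returning no backend for an unlisted Host value keeps stray or forged hostnames from reaching an internal server by default.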