If I understand you correctly and remember your original rule, then I think you have it backward. If you are changing the destination, you probably want to change it from the public address to the private address: iptables -t nat -A PREROUTING -d 5.6.7.8 -p 6 --dport 8080 -j DNAT --to-destination 192.168.x.x:80 Remember to ensure that traffic to 192.168.x.x:80 is allowed on the FORWARD chain and that the NAT gateway responds to ARPs for 5.6.7.8 - John On Fri, 2004-05-28 at 10:18, black@xxxxxxxxx wrote: > would it be 8080 or 80? the web server has a static ip > address > on the inside 192.168.x.x > > > That will direct all 80 /tcp packets for all addresses the > > station listens on to 5.6.7.8:8080? Is that what you want > > or do you want to redirect packets with a specific > > destination address? If the public Internet address is not > > an IP address bound to the NAT gateway, then you will need > > to add it, typically: ip address add 1.1.1.2/24 dev eth0 > > brd + > > john -- Open Source Development Corporation Financially Sustainable open source development http://www.opensourcedevelopmentcorp.com
