On Fri, 2004-06-04 at 12:14, black@xxxxxxxxx wrote:
> > What are the other rules?
>
> iptables -t nat -A PREROUTING -d 5.6.7.8 -p tcp \
> --dport 22 -j DNAT --to 192.168.1.81:22
>
> iptables -t nat -A PREROUTING -d 5.6.7.8 -p tcp \
> --dport 22 -j DNAT --to 192.168.1.82:22
>
> iptables -t nat -A PREROUTING -d 5.6.7.8 -p tcp \
> --dport 22 -j DNAT --to 192.168.1.83:22
>
> iptables -t nat -A PREROUTING -d 5.6.7.8 -p tcp \
> --dport 22 -j DNAT --to 192.168.1.88:22
>
> john

Well that does explain it! It will always choose the first matched rule.
You cannot do what you have outlined here. Well . . . you can but it
will behave exactly as you observed. There must be some distinguishing
trait in the match portion of the rule to differentiate the rules -- a
different public address, a different port, a different interface. Your
matches are all the same!

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net
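
Added example, not part of the original message: a small shell check that flags DNAT rules whose match portion duplicates an earlier rule in the same chain, run over the four rules quoted in the thread and over a variant with one public port per host. The function names and the public ports 2281-2288 are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Netfilter walks a chain top-down and a matching DNAT rule
# ends traversal, so a later DNAT rule with the same match can never fire.

# Constructed input: the four rules from the thread, as "-A" rule lines.
thread_rules() {
cat <<'EOF'
-A PREROUTING -d 5.6.7.8 -p tcp --dport 22 -j DNAT --to 192.168.1.81:22
-A PREROUTING -d 5.6.7.8 -p tcp --dport 22 -j DNAT --to 192.168.1.82:22
-A PREROUTING -d 5.6.7.8 -p tcp --dport 22 -j DNAT --to 192.168.1.83:22
-A PREROUTING -d 5.6.7.8 -p tcp --dport 22 -j DNAT --to 192.168.1.88:22
EOF
}

# One of the fixes named in the reply: a different public port per host.
# Ports 2281-2288 are assumed values chosen for this example.
distinct_port_rules() {
cat <<'EOF'
-A PREROUTING -d 5.6.7.8 -p tcp --dport 2281 -j DNAT --to 192.168.1.81:22
-A PREROUTING -d 5.6.7.8 -p tcp --dport 2282 -j DNAT --to 192.168.1.82:22
-A PREROUTING -d 5.6.7.8 -p tcp --dport 2283 -j DNAT --to 192.168.1.83:22
-A PREROUTING -d 5.6.7.8 -p tcp --dport 2288 -j DNAT --to 192.168.1.88:22
EOF
}

# Reads rule lines on stdin and reports every DNAT rule whose chain + match
# (all text before " -j ") repeats an earlier DNAT rule.
# The comparison is textual, so it only catches exact duplicates.
find_shadowed() {
  awk '
    /^-A / && / -j DNAT / {
      cut = index($0, " -j ")
      criteria = substr($0, 1, cut - 1)
      action = substr($0, cut + 1)
      if (criteria in winner)
        printf "SHADOWED line %d: %s (traffic already taken by: %s)\n", NR, action, winner[criteria]
      else
        winner[criteria] = action
    }'
}

# Number of shadowed rules in the rule lines on stdin.
count_shadowed() { find_shadowed | awk 'END { print NR }'; }

thread_rules | find_shadowed
echo "shadowed in thread rules: $(thread_rules | count_shadowed)"
echo "shadowed with distinct ports: $(distinct_port_rules | count_shadowed)"
```

On a live host the same function can be fed the output of `iptables-save -t nat`, which lists rules in the `-A` form used here.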