> Now here's something interesting that I discovered when you mentioned
> it...
>
> <code>
> root@firewall:/var/log# tail syslog -f|grep 10.1.1.100
>
> Aug 2 13:41:38 firewall kernel: IN=eth1 OUT=eth0 SRC=10.1.1.100
> DST=212.19.193.43 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=
> 49518 DF PROTO=TCP SPT=3571 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0

your redirect rule is:

  $IPT -t nat -A PREROUTING -i $INT -p tcp --dport 80 \
    -j REDIRECT --to-port 8080

where $INT = eth0

the inbound interface of the logged packet above is eth1; therefore, it does not match your REDIRECT rule (or any FORWARD rule either).

are your interface variables ($INT and $EXT) backwards?

-j
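
Added example, not part of the original message: a small Python check that parses a netfilter LOG line like the one quoted above and reports which match of a rule the packet fails. The function names and the simplified rule handling (only `-i`, `-p` and `--dport`, no negation, port ranges or `eth+` wildcards) are assumptions for illustration; the log line is the quoted one with the mail line wraps joined.

```python
import re
import shlex

# Log line from the quoted message, with the mail line wraps joined.
LOG = ("Aug 2 13:41:38 firewall kernel: IN=eth1 OUT=eth0 SRC=10.1.1.100 "
       "DST=212.19.193.43 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=49518 DF "
       "PROTO=TCP SPT=3571 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0")

# Rule from the reply; the caller substitutes the value of $INT.
RULE = "-t nat -A PREROUTING -i {INT} -p tcp --dport 80 -j REDIRECT --to-port 8080"


def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict.

    Empty values (e.g. 'OUT=' on packets logged in INPUT) are kept as ''.
    """
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))


def parse_rule(rule):
    """Extract the matches this sketch understands: -i, -p, --dport."""
    args = shlex.split(rule)
    wanted = {"-i": "IN", "-p": "PROTO", "--dport": "DPT"}
    return {wanted[a]: args[i + 1] for i, a in enumerate(args[:-1]) if a in wanted}


def mismatches(line, rule):
    """List (field, rule_value, packet_value) for every match that fails."""
    pkt, failed = parse_log(line), []
    for field, want in parse_rule(rule).items():
        have = pkt.get(field, "")
        if have.lower() != want.lower():  # iptables accepts 'tcp', the log prints 'TCP'
            failed.append((field, want, have))
    return failed


if __name__ == "__main__":
    for iface in ("eth0", "eth1"):
        bad = mismatches(LOG, RULE.format(INT=iface))
        print(f"$INT={iface}:", "rule matches" if not bad else f"no match: {bad}")
```
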