Dear All

This is what I want:

eth0 as internet (1.1.1.1)
eth1 as dmz (10.1.1.1)

dmz has a web (10.1.1.2) and dns (10.1.1.3) server with private IP. The netfilter fw will do the static IP (public to private) IP mapping.

Available public IP (example): 1.1.1.1 (eth0), 1.1.1.2 (for web), 1.1.1.3 (for dns)

Now I have these rules:

iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.2 -p tcp --dport 80 -j DNAT --to 10.1.1.2:80
iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.3 -p udp --dport 53 -j DNAT --to 10.1.1.3:53

The problem is that there is no response from 1.1.1.2 and 1.1.1.3. Do I need other special setting (proxy arp?)

Regards
Patrick
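
A diagnostic for the setup described above, as an added example that is not part of the original post: it lists the public addresses the DNAT rules match on that the ingress interface does not hold. For those addresses the firewall will not answer ARP unless the address is added to the interface, proxy ARP is configured, or the upstream router routes it to the firewall. The `ip -o -4 addr show` sample output and the function names are constructed for this example.

```sh
#!/bin/sh
# Constructed sample input: the two DNAT rules from the post.
RULES='iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.2 -p tcp --dport 80 -j DNAT --to 10.1.1.2:80
iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.3 -p udp --dport 53 -j DNAT --to 10.1.1.3:53'

# Constructed sample of `ip -o -4 addr show` output: only 1.1.1.1 is on eth0.
ADDRS='2: eth0    inet 1.1.1.1/24 brd 1.1.1.255 scope global eth0
3: eth1    inet 10.1.1.1/24 brd 10.1.1.255 scope global eth1'

# dnat_dests RULES IFACE: print each -d address of a DNAT rule bound to IFACE.
dnat_dests() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        / -j DNAT / {
            in_if = ""; dst = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-d") dst = $(i + 1)
            }
            if (in_if == ifc && dst != "") { sub(/\/32$/, "", dst); print dst }
        }' | sort -u
}

# iface_addrs ADDRS IFACE: print the IPv4 addresses configured on IFACE.
iface_addrs() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $2 == ifc && $3 == "inet" { sub(/\/.*/, "", $4); print $4 }'
}

# unowned_dnat_dests RULES ADDRS IFACE: DNAT destinations that IFACE does not
# hold, so the host will not answer ARP for them unless proxy ARP or an
# upstream route covers them.
unowned_dnat_dests() {
    owned=$(iface_addrs "$2" "$3")
    for d in $(dnat_dests "$1" "$3"); do
        printf '%s\n' "$owned" | grep -qxF "$d" || printf '%s\n' "$d"
    done
}

unowned_dnat_dests "$RULES" "$ADDRS" eth0
```

On a live firewall, feed the functions the real rule list and the real output of `ip -o -4 addr show` instead of the constructed samples.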