Hello, I have to shutdown a proxy server for a few days and I need to redirect its traffic to a server behind an iptables firewall. Here's what I want to do: Original request to $PUBLIC_IP:80 is redirected to $PRIVATE_IP:2050 (machine behind firewall) Packets from $PRIVATE_IP:2050 come out of the firewall as coming from $PUBLIC_IP:80 I binded the proxy's public IP to the firewall's external interface (eth0) and added the following rules: I think I got the first part right. #test for ezproxy -A FORWARD -i eth0 -o eth1 -p tcp --syn -d 192.168.0.3 --dport 2050 -j ACCEPT But I'm having problems with the second part. The SNAT rule: -I POSTROUTING -s 192.168.0.3 --sport 2050 -o eth0 -j SNAT --to 130.17.174.108 #This one seems OK too. -A PREROUTING -i eth0 -p tcp -d $PUBLIC_IP --dport 80 -j DNAT --to $PRIVATE_IP:2050 The SNAT rule generates the error: Applying iptables firewall rules: iptables-restore v1.2.11: Unknown arg `--sport' One of the restrictions I have is that *only* the packets from $PRIVATE_IP:2050 can go out as coming from $PUBLIC_IP:80. Could someone provide help to solve this problem? Thanks. -K
