Re: NATing

On Tue, March 7, 2006 14:48, Carlo Henrico wrote:
> Hi All
>
> I am new to all this but here goes.
>
> I have read the docs on NAT'ing etc but am still lost.
>
> I have a Linux box with 2 NICs, one on the public network and one on the
> LAN.
>
> The public side has a public IP address but we also have 4 more IP addresses
> routed by the ISP down that line.
>
> I would like to "reroute" the traffic from one of those IP addresses to a
> web server (port 80) on the LAN.
>
> What I have tried is:
>
> Iptables -t nat PREROUTING -I 1.2.3.4 -j DNAT --to 5.6.7.8

This rule can't possibly work and would generate an error when executing it. I
suspect it's a typo?

> Where 1.2.3.4 is the public IP address and 5.6.7.8 is the LAN address of the
> web server.
>
> Please help, what am I doing wrong?

man iptables.
-I means "insert rule" and should be used before "PREROUTING". You should use
"-d <destination IP>" instead.

$ipt -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport 80 \
  -j DNAT --to 5.6.7.8

Assuming your FORWARD policy is ACCEPT ($ipt -P FORWARD ACCEPT) and you have IP
forwarding enabled (echo 1 > /proc/sys/net/ipv4/ip_forward).


Gr,
Rob
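
Added example, not part of Rob's reply: the DNAT rule above relies on the FORWARD policy being ACCEPT. This script prints the same rule together with the FORWARD rules needed when the policy is DROP instead. The interface names eth0/eth1 and the function names are assumptions; 1.2.3.4 and 5.6.7.8 are the thread's placeholder addresses.

```shell
#!/bin/sh
# Added example (not from the thread). eth0/eth1 and the function names are
# assumptions; 1.2.3.4 and 5.6.7.8 are the thread's placeholder addresses.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dnat_rules PUBLIC_IP LAN_IP PORT WAN_IF LAN_IF
# Prints one iptables command per line; rejects malformed arguments so the
# output can be reviewed and then run as root.
dnat_rules() {
    pub=$1; lan=$2; port=$3; wan_if=$4; lan_if=$5
    valid_ipv4 "$pub" && valid_ipv4 "$lan" || { echo "bad address" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port" >&2; return 1; }
    for ifname in "$wan_if" "$lan_if"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;;
        esac
    done
    # DNAT happens in PREROUTING, so FORWARD already sees the LAN address as
    # the destination and must match on $lan, not on the public address.
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan_if -d $pub -p tcp --dport $port -j DNAT --to-destination $lan
iptables -A FORWARD -i $wan_if -o $lan_if -d $lan -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

dnat_rules 1.2.3.4 5.6.7.8 80 eth0 eth1
```

IP forwarding still has to be enabled as described in the reply; the script only prints rules and changes nothing by itself.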




