There are no lame questions, only lame answers like: NAT = NAT = NAT = NAT :-) Sure you can do this, just add a DNAT rule in the PREROUTING chain of the NAT table, translating x.x.x.x to y.y.y.y. And be sure to allow 'any' to access port 80/443 on y.y.y.y in the FORWARD chain of the filter table. -Sietse ________________________________ From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Simon Sent: Wed 26-Jul-06 11:29 To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: A netfilter 'if possible' question Hi There, I understand NAT to the level that i currently use it, to send certain ports from our DSL link to various different servers within our internal network. Is it possible to do this to an outside IP address. eg. zzz.zzz.zzz.zzz sends http requests to port 80 and 443 on xxx.xxx.xxx.xxx, then have netfilter NAT those requests thru to port 80/443 on yyy.yyy.yyy.yyy, both x and y being different real world IP addresses and on different subnets? (physically seperate servers). Thanks and sorry if its a lame question... Simon
