Hi, * Gustavo L. P. dos Santos <gustavo.santos@xxxxxxxxxxx> 29. Jun 07: > Maybe I wasn??t clear enought with my question, the two machines are > web servers visible on the Internet, and I can??t use MASQUERADE for > this. If it was the basics i wouldn??t bother you all. And sorry for > the annoyance. Don't worry, seems you're not the only one who should do some RTFM on this list... The situation you have is clearly described at Oskar Andreassons great tutorial (a Must-Read for iptables users, IMHO): http://iptables-tutorial.frozentux.net/iptables-tutorial.html#DNATTARGET You should use a range of IP#s for --to-destination. Note, that single TCP streams will allways be directed to same server while different streams will be directed in a simple load balancing manner (I think round robin). This implies that you don't have any problems with rather static content, but if you keep session information at server you have to distribute that to all your webservers. HTH, kind regards, Frank. -- Sigmentation fault