Hi! I have a bit specific, but not that unusual problem. I have linux 2.4 (OpenWRT 1.0) running on a home router. ppp0 has the connection to outside world and br0 is the local network and is "NAT-ed". I also have a vlan0 interface with IP address 192.168.1.1. On that network there is a host that has a HTTP server on port 80 and accepts connections only from 192.168.1.x. What I want is to set up a rule that allows outside hosts (the entire internet, ok maybe limited to a single IP) access to that port and of course masquerades it to appear as if coming from 192.168.1.x. There I'm lost. I have good unix experience, but managed to avoid packet filters until now ;-) So please help. Thanks and regards, David -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html