Jeff Potter wrote: > > Thanks, Florin and Robert, for your suggestions. > > I'm still stumped, though. > > This rule looks to be the REDIRECT rule that Robert suggests. > Unfortunately, as I have it written here, it fail instantly -- > telnetting to port 80 causes an instant error. > iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT > --to-ports 127.0.0.1:8080 > > This gets packets in, but no reply: > iptables -t nat -A PREROUTING -p tcp -d 64.61.61.112 --dport 80 -j > DNAT --to-destination 127.0.0.1:8080 IIRC, you need TWO commands to setup a port forward with iptables, one for the incoming like you've specified, and another to handle the response. classic example is... iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx \ --dport 8888 -j DNAT --to 192.168.0.2:80 iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT