Ward.P.Fontenot at wellsfargo.com wrote: > I've added the following and it still isn't working > > iptables -t nat -I PREROUTING -p tcp -m tcp --dport 8443 -j DNAT > --to-destination 192.168.0.2:8443 > iptables -A FORWARD -d 192.168.0.1 -p tcp -m tcp --dport 8443 -j ACCEPT > > I've enabled forwarding - not sure if it's needed but it's there just in > case. Yes, you do need forwarding enabled. In that second rule, the match address should be 192.168.0.2 since the translation has already been applied. What does the rest of your FILTER chain look like? If the packet matches a REJECT rule prior to reaching your ACCEPT rule, that will be the end of it. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.