On Wednesday 31 December 2008 16:05, chloe K wrote:
> Is the network address translation in centos5.2 different?

Nope.

> I disable the default iptable rule and use the following commands but I
> can't connect http://public:8080 from outside to this host 192.168.0.10
> port 80
>
> eth1 is public address
> eth0 is private address 192.168.0.1
>
> iptables -F -t nat
> iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
> iptables --append FORWARD --in-interface eth0 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to 192.168.0.10:80

Your rules are in need of help. First off, I am not even sure what you are
doing will work, i.e. --append or --table. These are written as '-A' and '-t'.

Try these:

iptables -F -t nat
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# !!! Following line is wrapped !!!
iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT \
    --to-destination 192.168.0.10:80
iptables -A FORWARD -i eth0 -j ACCEPT

You could and should tighten these rules up. You should look into stateful
packet inspection for your firewall.

If you are looking to learn how to write your own rules, use the following:
http://iptables.rlworkman.net/chunkyhtml/index.html

-- 
Regards
Robert

Linux User #296285
http://counter.li.org
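
The reply's advice to tighten the rules with stateful inspection, as an added example that is not part of the original message: a shell function (hypothetical name `gen_port_forward_rules`) that prints an `iptables-restore` ruleset for the thread's layout. It assumes a default-drop FORWARD policy and leaves INPUT and OUTPUT at ACCEPT, since the thread only covers forwarding.

```shell
#!/bin/sh
# Added example, not from the original post: prints an iptables-restore
# ruleset for the thread's layout with stateful FORWARD filtering.
# Function names are hypothetical. Forwarding also needs
# net.ipv4.ip_forward=1 on the gateway.

valid_if()   { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done
)

gen_port_forward_rules() {
    pub_if=$1 priv_if=$2 host=$3 ext_port=$4 int_port=$5
    # Reject anything that could smuggle extra tokens into a rule line.
    valid_if "$pub_if" && valid_if "$priv_if" && valid_ipv4 "$host" &&
        valid_port "$ext_port" && valid_port "$int_port" || {
        echo "usage: gen_port_forward_rules PUB_IF PRIV_IF HOST EXT_PORT INT_PORT" >&2
        return 1
    }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $pub_if -p tcp --dport $ext_port -j DNAT --to-destination $host:$int_port
-A POSTROUTING -o $pub_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $priv_if -o $pub_if -m state --state NEW -j ACCEPT
# FORWARD sees the packet after DNAT, so match $host:$int_port, not port $ext_port.
-A FORWARD -i $pub_if -o $priv_if -p tcp -d $host --dport $int_port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Values from the thread: eth1 public, eth0 private, 8080 -> 192.168.0.10:80.
gen_port_forward_rules eth1 eth0 192.168.0.10 8080 80
```

Loading the output with `iptables-restore` as root replaces the current nat and filter tables. Newer iptables releases express the same match as `-m conntrack --ctstate`.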