On 8/1/2014 8:28 PM, Les Mikesell wrote:
> The concept doesn't even make sense for TCP connections where the
> stack requires acks and sequencing. Are you trying to bridge to a
> capture device or something?

Thank you all for your enlightening feedback, which helped me better understand my situation. I can see that in fact I can do with a forward proxy (and not use iptables at all).

The goal is to transfer data from a data capture device (which incorporates a web server) lying on a private subnet (without NAT) to various destinations. I now understand that forwarding identical traffic using iptables to such destinations (even if it was possible) would not be the right way.

The device can be instructed to send data via http to whatever destinations via a "local" http forward proxy (which has a public IP address but can be accessed from the private subnet).

Case closed.

Thank you all again,
Nick