Hi. I'm trying to redirect from one port to another with iptables (destination NAT -- transparent proxying . . . e.g., "destination NAT" in this article: http://www.linux-mag.com/content/view/849/2236/). I've done this many times before, including on SuSE and various flavors of BSD (with ipfw). For some reason I can't get it to work on Fedora 3. I do have ip forwarding on (/proc/sys/net/ipv4/ip_forward shows 1) The command I am trying to use is: /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 I've tried this a number of ways, but I always get "connection refused." (Requests to port 8080 work fine.) I also flushed everything out of the nat, filter, and mangle tables: Didn't help. I have also tried it with the default iptables setting when the Fedora firewall is set to accept requests on 80 and 8080. See below. I'm stumped. Anyone seen this? Anyone have a working iptables setup on Fedora 3 with forwarding from one port to another that definitely works? John N. # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT