RE: [suse-security] Iptables rules for nat to apache ip based virtual hosts
Hi Stefan,
I have got one official ip address and a dmz with an apache webserver with ip based virtual hosts config.
iptables -t nat -A PREROUTING -i $INF -p tcp --sport 1024: -d www.mydomain.com --dport 80 -j DNAT --to 1.2.3.4:80
iptables -A FORWARD -p tcp -d 1.2.3.4 --dport 80 -i $INF -j ACCEPT
Do I need an application level gateway for this config or
From my point of view, you need an official IP for each private IP to set up the iptables solution. Either you use an application-level gateway, e.g. Apache with rewrite/proxy rules to check the HTTP header, or you set up Apache with name-based virtual hosts, which should be simpler.
Best regards
Ben
--
Ben Kummer, VDIVDE-IT, Rheinstr. 10b, 14513 Teltow Germany
fon: +493328/435106 fax: +493328/435281
email: kummer@vdivde-it.de
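
The gateway option from the reply above, as an added example that is not part of the original mail: one Apache instance receives everything sent to the single official address and picks the backend from the HTTP Host header, which a packet filter rule cannot see. It assumes Apache 2.4 with mod_proxy, mod_proxy_http and mod_alias loaded; shop.mydomain.com, catchall.invalid and the backend 1.2.3.5 are constructed placeholders, and 1.2.3.4 is the placeholder address from the post.

```apache
# Added example: name-based gateway in front of IP-based virtual hosts.
# The single DNAT rule from the post then targets this gateway host,
# not one of the backends.

# Never act as a forward proxy; only the ProxyPass mappings below apply.
ProxyRequests Off

# The first vhost on *:80 is the default. Requests with a missing or
# unknown Host header end here and get a 404 instead of reaching a backend.
<VirtualHost *:80>
    ServerName catchall.invalid
    Redirect 404 /
</VirtualHost>

# Host: www.mydomain.com -> IP-based vhost listening on 1.2.3.4
<VirtualHost *:80>
    ServerName www.mydomain.com
    # Pass the client's Host header through so backend logs stay meaningful.
    ProxyPreserveHost On
    ProxyPass        / http://1.2.3.4:80/
    # Rewrite Location headers in backend redirects back to the public name.
    ProxyPassReverse / http://1.2.3.4:80/
</VirtualHost>

# Host: shop.mydomain.com -> IP-based vhost listening on 1.2.3.5
<VirtualHost *:80>
    ServerName shop.mydomain.com
    ProxyPreserveHost On
    ProxyPass        / http://1.2.3.5:80/
    ProxyPassReverse / http://1.2.3.5:80/
</VirtualHost>
```

With this in place the FORWARD rule for port 80 only needs to admit traffic to the gateway; the backends can be restricted to accept connections from the gateway address alone.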