search for: fake_ftp_ip

...an see this working is either putting the FTP/.. DMZ behind the firewall giving true firewall protection for all services involved, or if you just want to kludge the current solution, you can perform a DNAT/SNAT interface bounce like the following: # Session iptables -A PREROUTING --destination ${FAKE_FTP_IP} -p tcp --dport 21 -j MARK 1234 iptables -A PREROUTING --destination ${FAKE_FTP_IP} -p tcp --dport 21 -j DNAT ${MY_FTP_SERVER} iptables -A POSTROUTING -m mark 1234 -j SNAT --to ${MY_INTERNAL_IP} The above should work for single channel TCP/IP traffic, but I don''t know if more is needed fo...