Hi, System: Debian Squeeze (node+VMs) + OpenVZ + 2xISPC3 (188.8.131.52, one VM-node and ISPC3 others) close to HowTos http://www.howtoforge.com/installing-openvz-plus-management-of-vms-through-ispconfig-3-debian-6.0 http://www.howtoforge.com/virtual-multiserver-environment-with-dedicated-web-mysql-email-dns-servers-on-debian-squeeze-with-ispconfig-3 (all with default ports) All good on intranet... but..... Long time back I started to use Pre-routing for external ports to have 2+ (physical) machines running under same IP: http://www.howtoforge.com/forums/showthread.php?t=55180 Now I have tried to replicate idea to VMs, but phasing interesting problem - OpenVZ seems to forward my request to wrong IP (always node). - ADSL-Router Port forward 5000-5099 => 192.168.xxx.1 (node) 5100-5199 => 192.168.xxx.2 (1st VM for ISPC3) etc. My idea was to Pre-route ports to original at high level (Node Firewall pre-chain), so I added to Node's firewall /etc/Bastille/firewall.d/pre-chain-split.sh test rules as root: and then restarted firewall Now on client, all OK with but when no success. but I changing user name i.e. I logged in to Node, not to Server Same for ISPConfig3-console, all https://example.com:5103 (ment for Server goes to Node). I tried to look into OpenVZ-wiki, but could not find yet Pre-routing advice http://wiki.openvz.org/Setting_up_an_iptables_firewall Also if I go ahead with "Setting up a HN-based firewall"-way, any special things I have to consider due ISPC3? Obviously VM-conf:s have to be cerated manually (which I wanted to avoid by using above shortcut).