ok look at my situation


Internet ---> eth0(public ip) eth1(192.168.0.1 private ip) --->www.hello.com [192.168.0.2]
---->www.hi.com[192.168.0.3]
----> www.fine.com [192.168.0.4]
----> www.thanx.com[192.168.0.5]

Now is this possible by the following RULE

#IPTABLES -A PREROUTING -t nat -i eth0 -p tcp -d www.hello.com --dport 80 -j DNAT --to 192.168.0.2:80

#IPTABLES -A FORWARD -i eth0 -p tcp -d www.hi.com --dport 80 -j ACCEPT

*** and same stratigy for the rest of the stuffs also ****

I want to do this because i have only 1 public ip and lot's of stuff to do. so i am pointing these
websites to my lan machines. the public ip machine will be only used for DNAT and security
purposes.

so? what exactly is the problem you are experienceing?

it give's me back a error messege.like

iptables v1.xxx: host/network www.hi.com.np not found
try iptables -h

now i have this type of configuration

my mail server ip is 202.79.55.xx. This ip holds web service and mail serevice of my company.

the dns is something like this

$TTL 86400
@ IN SOA mail.hi.com.np. admin.hi.com.np. (
2005011801 ; Serial
1800 ; Refresh
14400 ; Retry
14000 ; Expire
14000 ) ; Minimum

IN NS ns.hi.com.np.
IN MX 10 mail.hi.com.np.
IN A 202.79.55.xx

;localcal host entry
localhost IN A 127.0.0.1

; other entries
pop IN A 202.79.55.xx
smtp IN A 202.79.55.xx
ns IN A 202.79.55.xx
mail IN A 202.79.55.xx
IN MX 1 mail
ftp IN A 202.79.55.xx
www IN A 202.51.74.xx

now in the above www IN A 202.79.55.xx. This is a remote public ip of my branch office.in the branch office MASQUERADING is done.Now i went to the branch office and hit the following command
#IPTABLES -A PREROUTING -t nat -i eth0 -p tcp -d www.hello.com --dport 80 -j DNAT --to 192.168.0.2:80

now over here eth0 is my wan interface with the ip 202.51.74.xx.
192.168.0.2 is my local machine where i want to host my web stuffs. But This dnat is not working.May be my configuration is wrong?

now that you have posted you problem and not just a statement we can continue :-)

you will not be able via iptables to define forwarding on the requested host address, since the host request is stated in the http header. iptables will not look into that header.
what you can do is to forwarding via ipaddress and port, so:
1. we tell iptables to forward any traffic on port 80 to 192.168.0.2 if it comes from outside your LAN
2. you setup apache2 (or any other webserver) to use, either a different virtual host depending on the requested host name, or you setup the apache proxy module, that can redirect to another host on your network depending on the requested url

ok thank you

i don't if i should ask you this question.In this case will i be able to host multiple websites on a single box?
and as your rule it has been said that what ever comes on port 80 send it to 192.168.0.2.Now in this way i will not be able to dnat to other ip .
my domain hi.com.np is not hosted on my branch office. as i have showed you my dns.it is hosted in the ip
202.79.55.xx. this machine holds my mail and ftp too. but for the web i have redirected it to another public ip which is my branch ip 202.51.74.yy.Now what happens is that

when someone from outside requests
www.hi.com.np it goes to the the isp side.then the isp replies that it is at 202.79.55.xx.But agian this ip says that www.hi.com.np is at 202.51.74.yy as you have see in the dns file i had previously posted. Now when the request comes to the 202.51.74.yy then i want it again to redirect to my lan ip 192.168.0.2.I want to do this by FQDN.Because tommorrow i will be hosting more sites on 192.168.0.2,192.168.0.3,192.168.0.4 etc.....

Is this possible or just my useless imaginary mind

yes, you can host multible sites on a single box.
in apache2 you can specify the directive 'hostname' in your virtual host section. you run multiple virtual hosts, and specify each with a different hostname, then wenn a request hits the server it checks for the requested hostname and will fetch the data specified in that corresponding virtual host.

i am not quite sure about your domain http://www.hi.com.np/
basically i would say if you have dns configured that www to http://www.hi.com.np/ goes to your branch ip the browser will get that information correctly and contact the ip address set in dns for www and not dns entries for ftp, mx or smtp...