Rodrigo Barbosa <rodrigob@xxxxxxxxxxxxxxx> wrote: > The guy just want some temporary NAT services for testing. > There is no need to configura all of that. Agreed. However ... > That simple iptables ... -j MASQUERADE rule should work if > there are no other iptables rules anywhere, and all default > rules are ACCEPT. Actually, the MASQ target is _not_ recommended when you want to map many, many systems into various ports. I see this come up regularly and it's a very _poor_ move to do traditional masquerading (NAT+PAT). Ideally, you should be doing 1:1 NAT, and _no_ PAT. Not only reduced overhead on the NAT device because it's not doing PAT and connection tracking, but you'll see greatly increased performance (especially on a higher speed corporate network ;-). Now Linux's performance at this is still suspect at 1:1 NAT versus even a typical router. But if you want to do it ... iptables -t nat -A PREROUTING -d a.b.c.d -i ethX -j DNAT --to-destination p.q.r.s iptables -t nat -A POSTROUTING -s p.q.r.s -o ethX -j SNAT --to-source a.b.c.d Where ethX is your public IP interface. Where a.b.c.d is your public IP address. And where p.q.r.s is your private iP address. -- Bryan J. Smith b.j.smith@xxxxxxxx http://thebs413.blogspot.com --------------------------------------------------------------- "On the basis of the American view, which may be right, the success of the Iraqi political experiment is bound to provide a model to be emulated in Syria and in the various countries neighbouring Iraq" -- Nur-Al-Din, Al-Safir (Lebanon Periocial)