OK. So, I tried this, with my correct addresses, of course. It didn't work. Only one service port was showing on an nmap. Attempts to ssh to one machine got a "refused." Attempts to go to another just sat there with no responce. I Ctrl-C'd out. In the iptables rules I note that there are rules to accept responses for anything that originated on the inside. Do I maybe need similar rules for packets that originated on the outside via these addresses? In order that the response can be forwarded back out over the Internet? Gregory Nowak writes: > Ok, I think I see what you're going for. > > In the below examples, I assume that you have an external ip, 1.2.3.4, > which you want to route to 192.168.0.1, and a second external ip, > 5.6.7.8, that you want to route to 192.168.0.2. I also assume that > your network device connected to the dsl modem is eth0. > > iptables -t nat -A PREROUTING -i eth0 --source 1.2.3.4 -j DNAT > --to-destination 192.168.0.1 > > and > > iptables -t nat -A PREROUTING -i eth0 --source 5.6.7.8 -j DNAT > --to-destination 192.168.0.2 > > Note 1:, I know I'm using incorrect number ranges for the external ip > addresses. > > Note 2: This might have line wrapped, so be sure to check for that if > doing cut and paste. > > Note 3: I obviously haven't tested this, but it should work in theory, > as far as I understand iptables syntax. If you get errors, let me or > the list know, and I'll try to resolve them. Hth. > > Greg
