SNAT?

> The thing is, is there any way to SNAT an individual computer on my
> internal network to a different public IP address?

Sure.

> All my internal network is masqueraded as the x.x.x.98/24 IP address. I
> want to SNAT my internal IP address 10.100.0.200 to x.x.x.99/24. Is that
> possible?

Create the rules in this order:

# iptables -t nat -A POSTROUTING -s 10.100.0.200 -j SNAT --to-source x.x.x.99
# iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -j SNAT --to-source x.x.x.98

# iptables -A FORWARD -s 10.100.0.200 -d x.x.x.99 -j ACCEPT
# iptables -A FORWARD -s 10.100.0.0/24 -d x.x.x.98 -j ACCEPT

When the first rule is matched, it is executed.
So your PC on 10.100.0.200 hits its own rule first and so never hits the
subnet rule.
The other PCs don't hit the specific rule and match the subnet rule.
Of course the PC would have to have a static IP address, because
otherwise another PC could be 10.100.0.200...


Rob
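
The rule ordering described in the reply above can be checked offline. This is an added example, not part of the original post: it parses `iptables -t nat -S POSTROUTING` style output, applies first-match-wins, and reports SNAT rules that can never fire because an earlier, broader rule covers them. The 203.0.113.x addresses are constructed stand-ins for x.x.x.98 and x.x.x.99, and the function names are hypothetical; rules are assumed to match on source address only, as in the post.

```python
import ipaddress
import shlex

# Constructed sample rule sets (203.0.113.x stands in for x.x.x.98 / x.x.x.99).
GOOD = """
-A POSTROUTING -s 10.100.0.200/32 -j SNAT --to-source 203.0.113.99
-A POSTROUTING -s 10.100.0.0/24 -j SNAT --to-source 203.0.113.98
"""
BAD = """
-A POSTROUTING -s 10.100.0.0/24 -j SNAT --to-source 203.0.113.98
-A POSTROUTING -s 10.100.0.200/32 -j SNAT --to-source 203.0.113.99
"""

def parse_snat_rules(ruleset):
    """Return [(source_network, to_source)] for each SNAT rule, in chain order."""
    rules = []
    for line in ruleset.strip().splitlines():
        tok = shlex.split(line)
        if "SNAT" not in tok or "--to-source" not in tok:
            continue
        # A rule without -s matches every source address.
        src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
        rules.append((ipaddress.ip_network(src, strict=False),
                      tok[tok.index("--to-source") + 1]))
    return rules

def snat_for(rules, host):
    """Public address a host is translated to: the first matching rule wins."""
    addr = ipaddress.ip_address(host)
    for net, to_source in rules:
        if addr in net:
            return to_source
    return None

def shadowed(rules):
    """Rules that can never match because an earlier rule covers their source."""
    out = []
    for i, (net, to_source) in enumerate(rules):
        if any(net.subnet_of(earlier) for earlier, _ in rules[:i]):
            out.append((str(net), to_source))
    return out

if __name__ == "__main__":
    for name, text in (("good order", GOOD), ("bad order", BAD)):
        rules = parse_snat_rules(text)
        print(name, "->", snat_for(rules, "10.100.0.200"), "shadowed:", shadowed(rules))
```

With the subnet rule first, 10.100.0.200 leaves as the shared address and its host-specific rule is reported as shadowed.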



