> What I am trying to do is like how it's done on Cisco PIX, i.e.
> "static (inside,outside) 208.15.232.12 192.168.1.167 netmask 255.255.255.255
> 0 0"

iptables -A POSTROUTING -t nat -o EXT -s 192.168.1.167 -j SNAT \
    --to 208.15.232.12
iptables -A PREROUTING -t nat -i EXT -d 208.15.232.12 -j DNAT \
    --to 192.168.1.167

Where EXT is your external interface.

This does:
- change source address of packets coming out of 192.18.1.167 to 208.15.232.12
- change destination address of packets coming to 208.15.232.12 to 192.18.1.167

Then the packets get routed, and you have 1:1 NAT.

You can also change ports, e.g. make a world-available ftp server on port 21 on
208.15.232.12, that really is on port 17 on 192.18.1.167.
This way 192.168.1.167 can have 2 ftp servers, one public, one internal, on
different ports.

It is just an example, maybe you could use things like that.

Regards,
Maciej Soltysiak
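
The port-mapped case described above (public port 21 to internal port 17), as an added example that is not part of the original post: it prints the rules instead of applying them, so it runs without root. The function names, the port validation and the FORWARD rule are assumptions of this example; EXT is the interface placeholder from the post.

```shell
#!/bin/sh
# Added example: dry-run generator for a single-port DNAT mapping.
# Nothing is applied; the iptables commands are only printed for review.

EXT_IF=EXT    # external interface placeholder, as in the post

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_map_rules PUBLIC_IP PUBLIC_PORT INTERNAL_IP INTERNAL_PORT
# Prints a DNAT rule for one TCP port plus a FORWARD rule that admits only
# that translated flow, so the rest of the internal host stays unexposed.
port_map_rules() {
    pub_ip=$1; pub_port=$2; int_ip=$3; int_port=$4
    valid_port "$pub_port" && valid_port "$int_port" || {
        echo "invalid port" >&2
        return 1
    }
    # Rewrite destination address and port as packets arrive on EXT.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $pub_ip --dport $pub_port -j DNAT --to-destination $int_ip:$int_port"
    # The filter table runs after DNAT, so it matches the internal address/port.
    echo "iptables -A FORWARD -i $EXT_IF -p tcp -d $int_ip --dport $int_port -j ACCEPT"
}

# Values from the post: public 208.15.232.12:21 -> internal 192.168.1.167:17
port_map_rules 208.15.232.12 21 192.168.1.167 17
```

The FORWARD rule only matters when the FORWARD chain does not already accept everything, and reply traffic needs its own rule in the other direction. FTP data connections additionally depend on the kernel's FTP connection-tracking helper, which this block does not configure.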