Hello, I need to hide several identical targets behind a host but have failed to accomplish this. Hope someone on the list can help me. The set-up is shown below (good old ASCII drawings). My objectiv is to set up a testsite where several (more than the shown three) etherbased targets are to be tested. Each target has a FIXED ip. One target is attached to one ethernet port on the server. Every target has the same ip address. My question: is it possible to access the differnt targets from the LAN side via ip 10.1.1.11-13. A DNAT in a nat POSTROUTING rule would do it, but that's not allowed. Is there any other way to accomplish this? LAN side Test side ----------- Server ! Client1 !-----! ---------- ----------- ----------- ! !10.1.1.11/24-----! Target1 ! 10.0.0.1/24 ! ! ! ----------- ! ! ! 10.1.1.1/24 ! ! ! ----------- ! ! ! ----------- ! Client2 !-----!-------!10.1.1.12/24-----! Target2 ! ----------- ! ! ! ----------- 10.0.0.2/24 ! ! ! 10.1.1.1/24 ! ! ! ! ! ! ----------- ----------- ! !10.1.1.13/24-----! Target3 ! ! Client3 !-----! ---------- ----------- ----------- 10.0.0.10/24 10.1.1.1/24 10.0.0.3/24 I am running kernel 2.4.19, soon 2.4.20 with iptables 1.2.7a Thanks in advance /Dag