The only way I know of to do that is use iproute2 (or ifconfig) and add that IP to the firewalls eth0 device and fix your rule (lowercase J). ip addr add 10.0.0.1/8 dev eth0 iptables -t nat -I PREROUTING -i eth0 -d 10.0.0.1 -j DNAT \ --to 192.168.0.1 I think that'll work OK.. Thanks, ____________________________________________ George Vieira Systems Manager georgev@xxxxxxxxxxxxxxxxxxxxxx Citadel Computer Systems Pty Ltd http://www.citadelcomputer.com.au Phone : +61 2 9955 2644 HelpDesk: +61 2 9955 2698 -----Original Message----- From: Shawn [mailto:core@xxxxxxxxxx] Sent: Friday, June 20, 2003 7:07 AM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Is this correct? I have a, iptables statement I would just like someone to say if I have it right. Let's say I have a linux box with eth0=10.0.0.250 and eth1=192.168.0.250, and there's a host (192.168.0.1) connected to eth1. I want to route connections from hosts in 10.0.0.0/24 land to 10.0.0.1 onto the linux box's eth0, and have them NATed to 192.168.0.1 Will the following statement do that? iptables -t nat -I PREROUTING -i eth0 -d 10.0.0.1 -J DNAT \ --to 192.168.0.1