>Hi. I was wondering if someone could tell me what a good way is to set up >DNAT and SNAT on a firewall if the external IP is not static .... Do not use SNAT, use Maquerading. You don't have to know your external IP here: iptables -t nat -A POSTROUTING -s $INT_NET -o $EXT_DEV -j MASQ DNAT is also very simple, don't specify your external IP in DNAT Rule, just the Destination Port: iptables -t nat -A PREROUTING -p tcp --dport 25 -i $EXT_DEV -j DNAT --to-destination $SMTP_SERVER Greetings, Thorsten Scherf, RHCE, RHCX
