> I presently exclude 1 ip block in POSTROUTING using "! X.X.X.X/24".
> Is there a way to specify multiple ranges that are excluded?

If you mean to specify a range instead of a complete block, there is a Netfilter "iprange" patch for that. You'll have to compile a new kernel and iptables.

http://www.netfilter.org/documentation/pomlist/pom-base.html#iprange

Create multiple rules for each range you want to exclude.

> Is there a way to have POSTROUTING only have effect on a certain interface?

iptables -t nat -A POSTROUTING -o <if_out> ...

You cannot use "-i <if_in>". See "man iptables".

Rob
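One way to combine the two answers above, as an added example that is not part of the original message: a hypothetical helper, `gen_nat_rules`, emits one ACCEPT rule per excluded block or range ahead of the NAT rule, all bound to the outgoing interface. It assumes the exclusions are destination addresses, that the NAT target is MASQUERADE, and that the iprange match is available; the interface name and addresses are constructed.

```shell
#!/bin/sh
# gen_nat_rules <out_if> <exclusion>...   (hypothetical helper, added example)
# Prints an iptables-restore ruleset for the nat table. Each exclusion is a
# CIDR block (a.b.c.d/nn) or an address range (a.b.c.d-e.f.g.h).
# A packet that hits ACCEPT in nat/POSTROUTING leaves the chain un-NATed, so
# the exclusions must come before the MASQUERADE rule.
gen_nat_rules() {
    out_if=$1
    shift
    ip='[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'   # format check only, not octet ranges

    # Validate everything first so a bad argument never yields a partial ruleset.
    for ex in "$@"; do
        if ! printf '%s\n' "$ex" | grep -Eq "^${ip}(/[0-9]+|-${ip})\$"; then
            echo "invalid exclusion: $ex" >&2
            return 1
        fi
    done

    echo '*nat'
    echo ':POSTROUTING ACCEPT [0:0]'
    for ex in "$@"; do
        case $ex in
            */*) echo "-A POSTROUTING -o $out_if -d $ex -j ACCEPT" ;;
            *-*) echo "-A POSTROUTING -o $out_if -m iprange --dst-range $ex -j ACCEPT" ;;
        esac
    done
    # Assumed NAT rule: everything else leaving this interface is masqueraded.
    echo "-A POSTROUTING -o $out_if -j MASQUERADE"
    echo 'COMMIT'
}

# Constructed sample: review the output before loading it.
gen_nat_rules eth0 10.0.0.0/24 192.168.1.10-192.168.1.20
```

The output can be loaded with `iptables-restore --noflush` to append to the existing nat table; without `--noflush` the table is flushed first.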