Anyone know why the following rule does not work when i use SNAT but does when i use MASQUERADE?? /sbin/iptables -A PREROUTING -t nat -p tcp -d 63.x.x.x --dport 80 -j DNAT --to 10.0.0.3:80 When I use the following rule, the previous rule works: /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE but when i do it like this, i just get a connection refused from the outside: /sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 63.203.63.246 Both work as far as NAT'ing my internal hosts, but i cant get the darn forward to work! thanks!! :) __________________________________ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com