> Okay, so you have one public IP address, and all your internal machines are
> masqueraded behind that one address for outbound connections; also your
> firewall runs DNS (although it's not clear whether you mean it runs caching
> DNS for internal clients, or also authoritative DNS for external queries
> about your domain).

I have a caching DNS server for the inside of the LAN, but external queries are handled by the company's DNS server.

> What is "the first rule"?

iptables -t nat -A PREROUTING -d X.X.X.X -p tcp --dport 22 -j DNAT \
  --to 192.168.1.89:2222    (ares)
iptables -t nat -A PREROUTING -d X.X.X.X -p tcp --dport 22 -j DNAT \
  --to 192.168.1.90:22222   (zeus)

I assigned that workstation to listen on that port. When I ssh into zeus from the outside world it says connecting to zeus, but at the bash prompt it is ares.

I'm running BIND 9 on Red Hat 9.

Thanks,
John
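The behaviour John describes follows from how the nat PREROUTING chain is walked: rules are checked top-down and DNAT is a terminal target, so two rules with an identical match (same -d, -p and --dport) mean only the first ever fires and the second is shadowed. The script below is an added illustration, not code from the thread; it uses constructed rules in iptables-save syntax (with --to-destination, the long form of --to) and two small helpers that find shadowed DNAT rules and show which internal host a given public port actually reaches, with a corrected ruleset that gives each host its own external port.

```bash
#!/bin/bash
# Constructed sample of the two PREROUTING rules as posted (X.X.X.X kept as the
# placeholder public address). Both rules match the same packets.
BROKEN_RULES='-A PREROUTING -d X.X.X.X/32 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.89:2222
-A PREROUTING -d X.X.X.X/32 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.90:22222'

# Corrected variant: a distinct external port per internal host, so the match
# parts differ and neither rule shadows the other (2222 for zeus is an assumption).
FIXED_RULES='-A PREROUTING -d X.X.X.X/32 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.89:2222
-A PREROUTING -d X.X.X.X/32 -p tcp --dport 2222 -j DNAT --to-destination 192.168.1.90:22222'

# shadowed_dnat: read rules from stdin and print the target of every rule whose
# match part (everything before -j) repeats an earlier rule's match part. Only
# the first rule of such a group can fire, because the chain is walked top-down
# and DNAT ends traversal.
shadowed_dnat() {
  local seen="" line match target
  while IFS= read -r line; do
    match="${line%% -j *}"
    target="${line##* -j }"
    case "$seen" in
      *"|$match|"*) printf '%s\n' "$target" ;;
      *) seen="$seen|$match|" ;;
    esac
  done
}

# first_hit: print the DNAT destination a packet to public TCP port $1 reaches,
# i.e. the --to-destination of the first rule (from stdin) whose --dport is $1.
first_hit() {
  local port="$1" line
  while IFS= read -r line; do
    case "$line" in
      *"--dport $port "*) printf '%s\n' "${line##*--to-destination }"; return 0 ;;
    esac
  done
  return 1
}

# Stand-alone demonstration: the broken set reports the zeus rule as shadowed
# and sends port 22 to ares; the fixed set reports nothing shadowed.
printf '%s\n' "$BROKEN_RULES" | shadowed_dnat
printf '%s\n' "$BROKEN_RULES" | first_hit 22
printf '%s\n' "$FIXED_RULES" | shadowed_dnat
printf '%s\n' "$FIXED_RULES" | first_hit 2222
```

On a live firewall the same check can be fed with `iptables-save -t nat | grep '^-A PREROUTING'` instead of the constructed rules.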