Hi guys I've got a iptables firewall setup and a request came in to not just snat an address but to make each subsequent connection go to a range of address. The firewall doesn't normally handle traffic from this particular application so I've setup a squid proxy and the app is connecting to the proxy. I added the range of addresses with ip addr add x.x.x.# dev eth0 and setup a snat rule: iptables -A POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to-source xx.xx.xx.131-xx.xx.xx.250 translation works fine, but I never seem to get an alternate ip from the range. If anyone knows what I need to do to make it so that the source addresses cycle it would be much appreciated. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html