Brian, You slipped into pseudo code too fast for me. :-) Your router runs Linux and it's external IP addresses is 1.2.3.2? If the above assumption is true, you will probably have to bind alias interfaces youself and then use them in the iptables rules. If things like this happened automagically depending on what I put into my iptables rules, I think I would lose my mind (_toy_story_2_, mr. potato head: "on a yo-yo?"). I do not know if this is the best way to do it, but I don't know of another way off the top of my head. I am assuming you can't get your router in front of the registered subnet and just use the registered addresses on the hosts and in the iptables rules. That may be simpler, but may also be impossible or impractical in your situation. Good luck, Troy >>> lxy at cloudnet.com 11/25/02 09:50AM >>> I have a registered subnet 1.2.3.0/29 and an internal subnet 192.168.1.0/29 The router has INT_OUTSIDE_IP=1.2.3.2 I want to map .3,.4,.5, and .6 on 1.2.3.0 to 192.168.1.0, respectively. I think I just need to do something like iptables -A PREROUTING -t nat -p tcp -d $INT_OUTSIDE_IP --dport $PORT \ -j DNAT --to $SERVER_IP:$PORT for each IP and port. When I do this, do I need to assign each IP to a subinterface on $INT_OUTSIDE (eth0:1, etc) or does iptables automagically grab the IP for me? Also, is this the best way to do it or should I be going about it differently? -Brian _______________________________________________ Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.mn-linux.org/mailman/listinfo/tclug-list