On Fri, 2004-01-23 at 19:19, David Demland wrote: > I have an internal box being used as a router. I need to route an IP to a > different IP and I am not sure how to do this with ipchains. Here is what I > am trying to do: > > 10.0.0.253 +--------+ 192.168.0.200 > ------------->| Router |-----------------> > +--------+ > > The firewall converts the packets into an internal IP which is part of a > DMZ. The router handles the traffic from the DMZ to the internal network. I > need to get a path from the firewall to a server on the internal network. I > have the firewall converting packets into an address that is on the same > network as the DMZ, but the address does not exist. I want to have the > router convert this non-existing address into an address of an existing > server on the internal network. The route is a debian box running ipchains. > > How do I set the ipchains rules to convert the IP from one to another? --- Too little info - too little clear in the question. Generally, when I ask a question like this, in order to get a clear correct answer, I must demonstrate that I have made a significant effort to understand the issue enough to be able to ask questions clearly. It does seem that you are wanting to do either forwarding or masquerading. I can't tell and a router that is handing traffic from the DMZ to the internal network is such a confused concept - given my definition of a DMZ anyway - that it's simply not possible to figure out where you are going with this. ipchains requires ipmasqadm for 'forwarding' packets which you may already have compiled in if the router already does forwarding as it would appear to do with your description. That being said, the 2.4 kernel is now phasing out so using the 2.2 kernel on the router doesn't make much sense. Considering the performance and security enhancements of the 2.4 kernel / iptables, it definitely is easier to use it which makes it the obvious upgrade. David Ranch's IPMASQ html pages Craig