On Sat, Jan 08, 2005 at 11:53:30AM -0700, Jay wrote:
> In George's case that will not work. As I understand his problem, the
> source external/public address of the HTTP connection needs to be
> different for each internal machine.

It absolutely *would* work. That's what NAT means -- network address *translation*.

Suppose, as a simple case, you have two LANs which are both using 192.168.0.0/16. If you were to connect them, you'd have to renumber one of them, right? Wrong. You can, with a Linux (or OpenBSD or Cisco or something else) router, make network A think that network B's addresses are in the 10.5.0.0/16 range. Anything sent from A with a destination address in 10.5.0.0/16 will be translated by the router as being intended for network B and re-written with the appropriate destination address in the 192.168.0.0/16 range. At the same time, the source address would also be re-written to be in, say, the 10.8.0.0/16 range, and B's router would make the appropriate translation when the packets got there, and for traffic destined for A.

In this case, it's only half as complex. Only the source needs to be re-written for outbound traffic; the destination stays the same.

A simpler explanation can be found at and .

This whole discussion is academic if he's using a 2.2 or earlier kernel; 2.0 and 2.2 only had the ability to do masquerading (i.e., one external address to many internal addresses) and not full-on NAT (many-to-many). You need 2.4 and up to do NAT.

--
Bill Jonas * bill@billjonas.com * http://www.billjonas.com/
"It's a dangerous business, Frodo, going out your front door. You step into the Road, and if you don't keep your feet, there is no knowing where you might be swept off to." -- Bilbo Baggins
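
The address rewriting described in the message above, modelled as an added example that is not part of the original post. It covers both the two-LAN case (source and destination rewritten) and the source-only case with one external address per internal machine. The `Packet` type, the function names and the 203.0.113.x / 198.51.100.x addresses are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str

REAL = ipaddress.ip_network("192.168.0.0/16")           # both LANs really use this
B_AS_SEEN_BY_A = ipaddress.ip_network("10.5.0.0/16")    # alias A uses to reach B
A_AS_SEEN_BY_B = ipaddress.ip_network("10.8.0.0/16")    # alias B sees A's hosts as

def remap(addr, from_net, to_net):
    """Stateless 1:1 prefix swap: keep the host bits, replace the network bits."""
    ip = ipaddress.ip_address(addr)
    if ip not in from_net:
        raise ValueError(f"{addr} is not in {from_net}")
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    offset = int(ip) - int(from_net.network_address)
    return str(ipaddress.ip_address(int(to_net.network_address) + offset))

def a_to_b(pkt):
    """Packet from LAN A to LAN B: source and destination are both rewritten."""
    return Packet(src=remap(pkt.src, REAL, A_AS_SEEN_BY_B),
                  dst=remap(pkt.dst, B_AS_SEEN_BY_A, REAL))

def b_to_a(pkt):
    """Reply from LAN B: the inverse translation, so A sees the 10.5 alias."""
    return Packet(src=remap(pkt.src, REAL, B_AS_SEEN_BY_A),
                  dst=remap(pkt.dst, A_AS_SEEN_BY_B, REAL))

# The "half as complex" case: each internal machine gets its own external
# source address. Constructed values from the documentation ranges.
SNAT_MAP = {
    "192.168.0.10": "203.0.113.10",
    "192.168.0.11": "203.0.113.11",
}

def snat_outbound(pkt):
    """Outbound traffic: rewrite only the source, leave the destination alone."""
    return pkt._replace(src=SNAT_MAP[pkt.src])

if __name__ == "__main__":
    out = a_to_b(Packet("192.168.1.20", "10.5.3.4"))
    print("A -> B on the wire at B:", out)
    print("B -> A reply at A:     ", b_to_a(Packet(out.dst, out.src)))
    for host in SNAT_MAP:
        print("outbound:", snat_outbound(Packet(host, "198.51.100.7")))
```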