Hi all, I''ve problems to masquerade specific source to specific destination; I explain. I will that any WAN hosts as source (coming through wan interface eth1) to a network (10.147.0.0/16) reachable by eth2 be masquerade. masq file : eth1 eth2 eth1 eth3 eth2:172.17.0.0/16 eth1:0.0.0.0/0 eth2:10.144.0.0/16 eth1:0.0.0.0/0 eth2:10.145.0.0/16 eth1:0.0.0.0/0 eth2:10.146.0.0/16 eth1:0.0.0.0/0 eth2:10.147.0.0/16 eth1:0.0.0.0/0 eth2:10.148.0.0/16 eth1:0.0.0.0/0 eth2:10.149.0.0/16 eth1:0.0.0.0/0 eth2:10.150.0.0/16 eth1:0.0.0.0/0 eth2:10.151.0.0/16 eth1:0.0.0.0/0 this will works, BUT the problem is the when a packet comes from any eth2 hosts (10.0.1.0/24) it will be masqurade too. What can I do ? Let me know If you need more details ? Best Regards, Sebastien WENSKE ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/