Hi, I am trying to achieve Stateless NAT with ip rule and ip route. Thanks to LARTC doc, I have done it :) But, I have a lot of client wanted access to Internet, setting up 2 rules for each of them is not desirable. For example I have 2 clients: Current setting: [root@son-ag webauth]# ip ru 0: from all lookup local 32760: from 192.168.8.113 lookup main map-to 192.168.250.113 32761: from 192.168.8.112 lookup main map-to 192.168.250.112 32766: from all lookup main 32767: from all lookup 253 [root@son-ag webauth]# ip route show table local | grep nat nat 192.168.250.113 via 192.168.8.113 scope host nat 192.168.250.112 via 192.168.8.112 scope host Can I do the following? [root@son-ag webauth]# ip ru 0: from all lookup local 32760: from 192.168.8.113 lookup main map-to 192.168.250.111 32761: from 192.168.8.112 lookup main map-to 192.168.250.111 32766: from all lookup main 32767: from all lookup 253 [root@son-ag webauth]# ip route show table local | grep nat nat 192.168.250.111 via 192.168.8.113 scope host nat 192.168.250.111 via 192.168.8.112 scope host Or, is there a better way to achieve what I want? Please advice. Thank you., Kaiwen