yogesh@xxxxxxxxxxxxxxx wrote on Wednesday 25 July 2007:

First of all: are you sure that you are not mixing things up? Squid is a proxy. The intended use of a web proxy is to cache web pages to speed things up the next time someone calls the same page and to reduce outgoing internet traffic. NAT stands for Network Address Translation and is commonly used on routers to hide the private network behind the router and to allow computers behind the router to use the internet, exposing only the router's IP.

> eth0=10.1.1.32(local)
> eth1=203.199.40.4(global)--for internet
> i want to make NAT for 10.1.1.53(local) from where i can ping
> yahoo.com/google.com directly can any one help me

This can be done by some iptables rules. First you have to allow IP forwarding on the router. In your case it is 10.1.1.32.

    echo 1 > /proc/sys/net/ipv4/ip_forward

will allow forwarding for the current session, as long as your router stays powered up. To make this change permanent, edit /etc/sysctl.conf and change the entry for IP forwarding to

    net.ipv4.ip_forward = 1

The following command will rewrite all outgoing traffic from the local network to eth1 to your router's IP, allowing it to cross the net.

    iptables -t nat -A POSTROUTING -o eth1 -s 10.1.1.0/24 -j SNAT --to-source 203.199.40.4

If you have a dynamic external IP address (as opposed to a static IP address), use this line instead

    iptables -t nat -A POSTROUTING -o eth1 -s 10.1.1.0/24 -j MASQUERADE

Finally you have to specify the traffic which is allowed to pass through. The following lines will allow established connections and outgoing connections from the box you mentioned, and drop everything else.

    iptables -P FORWARD DROP
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 10.1.1.53 -o eth1 -j ACCEPT

See also http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html

-- 
bye, Adalbert

Real Programmers don't write in PL/I. PL/I is for programmers who can't decide whether to write in COBOL or FORTRAN.
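
An added example, not part of the original message: a shell check that reads `iptables-save` output and confirms the setup described in the reply above is actually in place (FORWARD default DROP, the established-connections rule, the single allowed host, and NAT on the external interface). The function names and the sample dumps are constructed for illustration; the interface and addresses are the ones from the thread.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against the setup in the mail.
# audit_forward, good_dump and weak_dump are hypothetical names; dumps are constructed.

audit_forward() {  # usage: iptables-save | audit_forward WAN_IF LAN_HOST
    awk -v wan="$1" -v host="$2" '
        /^\*/ { table = substr($0, 2) }                  # "*filter", "*nat", ...
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / {
            if ($0 == "-A FORWARD -j ACCEPT") wide = 1   # matches every packet
            if (/--(ct)?state [A-Z,]*ESTABLISHED/ && /-j ACCEPT( |$)/) est = 1
            if ((index($0, "-s " host " ") || index($0, "-s " host "/32 ")) &&
                index($0, "-o " wan " ") && /-j ACCEPT( |$)/) out = 1
        }
        table == "nat" && /^-A POSTROUTING / && index($0, "-o " wan " ") &&
            /-j (SNAT|MASQUERADE)/ { nat = 1 }
        END {
            if (policy != "DROP") { bad++; print "FAIL: FORWARD policy is " (policy ? policy : "unset") ", expected DROP" }
            if (wide) { bad++; print "FAIL: unconditional ACCEPT in FORWARD" }
            if (!est) { bad++; print "FAIL: no RELATED,ESTABLISHED accept in FORWARD" }
            if (!out) { bad++; print "FAIL: no accept for " host " leaving via " wan }
            if (!nat) { bad++; print "FAIL: no SNAT/MASQUERADE on " wan }
            if (!bad) print "OK: default-deny forwarding, NAT on " wan
            exit (bad ? 1 : 0)
        }'
}

good_dump() {  # constructed, trimmed dump in iptables-save format
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.1.1.0/24 -o eth1 -j SNAT --to-source 203.199.40.4
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.1.1.53/32 -o eth1 -j ACCEPT
COMMIT
EOF
}

weak_dump() {  # constructed: same rules, but the FORWARD policy was left at ACCEPT
    good_dump | sed 's/^:FORWARD DROP/:FORWARD ACCEPT/'
}

good_dump | audit_forward eth1 10.1.1.53
```

On a live router, run it as root with `iptables-save | audit_forward eth1 10.1.1.53`; a non-zero exit status means at least one check failed.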