>> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -j SNAT >> --to-source 1.2.3.4 -d www.centos.org >> >> Any idea to achieve it? > > The destination should be before the SNAT ... so try this: > > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -d > www.centos.org -j SNAT --to-source 1.2.3.4 I did it once in the above way before posting this. it Did NOT work. Anyway, Has it wokrd for you? >> >> iptables -t nat -A PREROUTING -p tcp -m multiport -s ! 192.168.1.9 >> --destination-port 80,465,995 -j DNAT --to-destination :3128 >> >> I want to exclude about 4 or 5 ips. >> >> let's say 192.168.1.11, 192.168.1.19, 192.168.1.20,192.168.1.25 >> >> Is there a way to do it? > > Not that I can think of. If these IP addresses were in a contiguous > block, it might be able to be summarized by one or two subnet statements > instead of individual rules for each. I will try, that means somwting like ! 192.168.1.9/29 -- Thank you Indunil Jayasooriya