Hello, I have a WRT54GL running Tomato 1.21. It was upgraded from Linksys's most recent firmware 220.127.116.11. The settings transferred across perfectly as far as I can see. The WRT54GL is on 192.168.0.254. There is a squid proxy box on 192.168.0.1. My other half has a laptop home from her job where the Firefox and IE proxy setup points to an http proxy, coincidentally on 192.168.0.254 too, port 800 (!) I don't want her to have to change any settings, so I am trying to set it up so that connecting to 192.168.0.254 on port 800 will redirect to 192.168.0.1 port 3128. I tried this... /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s 192.168.0.0/24 -d 192.168.0.0/24 -p tcp --dport 800 -j ACCEPT /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp --dport 800 -j DNAT --to 192.168.0.1:3128 /usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s 192.168.0.0/24 -p tcp -d 192.168.0.1 -j SNAT --to 192.168.0.254 /usr/sbin/iptables -t filter -I FORWARD -s 192.168.0.0/24 -d 192.168.0.1 -i br0 -o br0 -p tcp --dport 3128 -j ACCEPT So, above should do... box on lan > 192.168.0.254 : 800 > 192.168.0.1 : 3128 -> out to web. Unfortunately telnetting from a box on the LAN to port 800 is giving a connection refused. I was pretty certain iptables changes happened instantly, so what am I doing wrong? If the above isn't going to work, what other ways are there to do it? The emphasis here is on not having to change the work laptop settings. 192.168.0.254 has to give the appearance of having a squid / http proxy on port 800. All help gratefully received. Thanks in advance.