    How can I make a rule that translates all output destined for to instead go to I need an iptables rule, not a route. I'm pretty sure I need to use DNAT, but I don't know how to do this, iptables expert help?
    That didn't really help me.

    Here's the command I think should work:
    iptables -t nat -A PREROUTING -d -j DNAT --to-destination

    but it doesn't, any idea why?
    Add this along with the PREROUTING one (above).

    iptables -I FORWARD -d -j ACCEPT

    Edit: Actually, I used a -I instead of -A on the PREROUTING line when I telnetted into my router and tried it. -A adds it on to the end.

    Since the iptables are for different tables (FORWARD and nat), it should not matter which order you enter them into your startup.
    already there

    iptables -I FORWARD -d -j ACCEPT was already in place, as was
    iptables -t nat -I POSTROUTING -d -j MASQUERADE
    I didn't use the POSTROUTING command, just the two above (again, used -I instead of -A on the iptables nat command). For kicks, I set -d to the yahoo.com IP and tried it.

    Worked fine.
    problem solved

    Thanks, I solved the problem. I needed another static route on the hosts.

    I now have Tomato doing pass-through IP accounting at wire-speed for $60US (plus 35 hours of googling), I'm very happy.

    I learned tons about iptables in the process. Not easy to set up, but once it's set up it freaking rocks, so thank you community.
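
The thread pairs a PREROUTING DNAT rule with a FORWARD ACCEPT rule. Netfilter evaluates FORWARD after PREROUTING, so the ACCEPT rule has to match the translated address. The following is an added example, not part of the original thread: a small audit of `iptables-save` output that lists DNAT targets with no explicit FORWARD ACCEPT. The sample ruleset and its addresses are constructed, and the check assumes single-address DNAT targets and ignores rule order and ACCEPT rules that carry no `-d` match, so a hit means "review this", not "broken".

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format; addresses are documentation ranges.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -j DNAT --to-destination 198.51.100.20
-A PREROUTING -d 192.0.2.11/32 -p tcp --dport 80 -j DNAT --to-destination 198.51.100.30:8080
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 198.51.100.20/32 -j ACCEPT
COMMIT
"""

def opt(tokens, flag):
    """Return the value following flag, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def unforwarded_dnat(save_text):
    """List DNAT targets that no explicit '-d' FORWARD ACCEPT rule covers."""
    table, policy_accept, targets, accepts = None, False, [], []
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # start of a table section
        elif line.startswith(":FORWARD ") and table == "filter":
            policy_accept = line.split()[1] == "ACCEPT"
        elif line.startswith("-A "):
            t = shlex.split(line)
            chain, jump = t[1], opt(t, "-j")
            if table == "nat" and chain == "PREROUTING" and jump == "DNAT":
                # Drop an optional :port suffix from the translated address.
                targets.append(opt(t, "--to-destination").split(":")[0])
            elif table == "filter" and chain == "FORWARD" and jump == "ACCEPT":
                dst = opt(t, "-d")
                if dst:                           # rules without -d are ignored
                    accepts.append(ipaddress.ip_network(dst, strict=False))
    if policy_accept:                             # default policy lets it through
        return []
    return [a for a in targets
            if not any(ipaddress.ip_address(a) in net for net in accepts)]

if __name__ == "__main__":
    for addr in unforwarded_dnat(SAMPLE):
        print("DNAT target with no FORWARD ACCEPT:", addr)
```

Feed it the text of `iptables-save` from the router in place of `SAMPLE`.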


