Hi there, I think it is not possible to do as you reqest: ftp1.mydomain.net ---> 192.168.1.10 ftp2.mydomain.net ---> 192.168.1.50 www1.mydomain.net ---> 192.168.1.12 www2.mydomain.net ---> 192.168.1.33 You could instead use port forwarding, but that wont work for FTP afaik. For FTP you would set up a proxy like SuSE's FTP Proxy Suite ie. Furthermore I think its really not possible to distinguish several servers running on one site by DNS name. You would need more then just one public IP for that. What you can however distinguish without additional IPs is like, port number. So ie it would work to have web server 1 on port 80 and webserver 2 on port 81. You could then point www1.mydomain.net and www2.mydomain.net to the same IP (your public one), but then your clients will have to supply a port number with theyr request, ie http://www1.mydomain.com:80 or like, http://www2.mydomain.com:81. My recommendation is: Get yourself two public IPs. You can then assign IP 1 to www1 and ftp1, and assign IP 2 to www2 and ftp2. You could for example load both public IPs on your firewall (using IP aliases) and then do a 1:1 NAT for each IP to the according internal machine. So FTP would work without a proxy and WWW would work without a port forwarding. Hope that helps Chris Burri .-. /v\ L I N U X // \\ >I know KungFu!!< /( )\ ^^-^^ Hi again! Thanks for your quickly answers, I think I hadn't explained enough clearly in the first mail. The problem is the following: I have a SINGLE public ip with an associated domain. In that host I have a DNS server, mail server, web, etc. The important point is at the DNS. What i'd like to do is that the firewall forward all the packets independently of the destiny port, which can be any, to a host of the intranet with a private ip. The rule for decide which packets go to what host in the intranet is the name that the client refered to. Example: when I do a ftp to ftp.mydomain.net my DNS server would forward the request to the host 192.168.1.10. I'd like to have a map like this: ftp1.mydomain.net ---> 192.168.1.10 ftp2.mydomain.net ---> 192.168.1.50 www1.mydomain.net ---> 192.168.1.12 www2.mydomain.net ---> 192.168.1.33 and so on But Actually in the internet all that names lookup to 213.1.2.3 and of course the 192.168.x.x is never seen from the internet I know that apache can manage vhosts and I could redirect to a intranet host all the web traffic coming to www2.mydomain.org, the same can be done with wu-ftp or proftp where u can have multiple domains/dubdomains and have different ftp root directorys depending on the name the client used to contact it, and then I could set that roots pointing to nfs mounted directories of the internal net, but what I'd like is that all the traffic forward would depend on the name used by the client. As I said it's not a port forwarding matter it would be a program which could manage domain name vhosts and do some kind of bridging / forwarding to the intranet depending on the name the client reffered. So the idea is to emulate lots of real ips with just 1 public ip and 1 domain with all the subdomains I'd need. Uh! I hope to have been clear enough this time, my English is not perfect (I'm Spanish) so please let me know if u got the idea, ok? Thanks a lot guys! Ramon Acedo