Hi again! Thanks for your quickly answers, I think I hadn't explained enough clearly in the first mail. The problem is the following: I have a SINGLE public ip with an associated domain. In that host I have a DNS server, mail server, web, etc. The important point is at the DNS. What i'd like to do is that the firewall forward all the packets independently of the destiny port, which can be any, to a host of the intranet with a private ip. The rule for decide which packets go to what host in the intranet is the name that the client refered to. Example: when I do a ftp to ftp.mydomain.net my DNS server would forward the request to the host 192.168.1.10. I'd like to have a map like this: ftp1.mydomain.net ---> 192.168.1.10 ftp2.mydomain.net ---> 192.168.1.50 www1.mydomain.net ---> 192.168.1.12 www2.mydomain.net ---> 192.168.1.33 and so on But Actually in the internet all that names lookup to 213.1.2.3 and of course the 192.168.x.x is never seen from the internet I know that apache can manage vhosts and I could redirect to a intranet host all the web traffic coming to www2.mydomain.org, the same can be done with wu-ftp or proftp where u can have multiple domains/dubdomains and have different ftp root directorys depending on the name the client used to contact it, and then I could set that roots pointing to nfs mounted directories of the internal net, but what I'd like is that all the traffic forward would depend on the name used by the client. As I said it's not a port forwarding matter it would be a program which could manage domain name vhosts and do some kind of bridging / forwarding to the intranet depending on the name the client reffered. So the idea is to emulate lots of real ips with just 1 public ip and 1 domain with all the subdomains I'd need. Uh! I hope to have been clear enough this time, my English is not perfect (I'm Spanish) so please let me know if u got the idea, ok? Thanks a lot guys! Ramon Acedo