sorry for reply post.. but it is simply done with SNAT, however if you have a MASQ rule in there, it masq's before it jumps to the SNAT rules..
thus, working eg: #iptables -t nat -A POSTROUTING -o $ETX -d \! $LAN -j MASQEURADE iptables -t nat -A POSTROUTING -o $EXT -s 1.0.0.0 -j SNAT --to y.y.y.y iptables -t nat -A POSTROUTING -o $EXT -s 2.0.0.0 -j SNAT --to x.x.x.x one security concern however is that you cannot specify incoming interfaces.. eg: iptables -t nat -A PSOTROUTING -o $EXT -s 1.0.0.0 -j SNAT --to y.y.y.y iptables -t nat -A PSOTROUTING -o $EXT -s 2.0.0.0 -j SNAT --to x.x.x.x thus if (honey net is example) a hostile box changes its ip addressing then it will (if it makes it too the postrouting chain), snat for that ip
