I have a 2621 router with FE0 attached to the Internet and FE1 attached to the LAN.

2621
FE0 X.X.X.1/29 (part of public IP block, 'outside' NAT interface)
FE1 a.a.a.1/24 (private, 'inside' NAT interface)

I have two goals here, both of which I can do, I just want a better way to do them.

The first goal is to simply "port forward" public IP X.X.X.2 to LAN IP a.a.a.2, which is simple enough with destination NAT:

[source <?>][dest X.X.X.2] DestNAT-> [source <?>][dest a.a.a.2]

The second goal is where I started making stuff up. Because in addition to being destination NATed to "b.b.b.6", public IP X.X.X.3 must also be source NATed to appear to have originated on the b.b.b.0 subnet. So for lack of a better idea, I did this:

First I destination NAT it to the appropriate LAN address:

[source <?>][dest X.X.X.3] DestNAT-> [source <?>][dest b.b.b.6]

My hack solution is to then route it to a second 2621 router:

ip route b.b.b.0/24 -> a.a.a.5

And the second 2621 looks like this:

2621 #2
FE0 a.a.a.5/24 (inside)
FE1 b.b.b.1/24 (outside)

And using a traditional internet connection sharing routine, I NAT the source:

[source <?>][dest b.b.b.6] SourceNAT -> [source b.b.b.1][dest b.b.b.6]
ip route 0.0.0.0/0 -> a.a.a.1

So, from the perspective of the server at b.b.b.6, all the requests it's getting appear to be coming from LAN source b.b.b.1 (rather than WAN source <?>). Which accomplishes "the goal".

This works, but my question is, is it possible to do this with 1 router? Could I put, say, an NM-4E module into a single 2621 and route packets to "myself" so that I can destination NAT them as well as source NAT them?

I have to reproduce this at another location with the same goals, but at the other location there's only one 2621 router to play with.
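
The two-router arrangement described above, written out as IOS configuration. This is an added example, not part of the original post. Assumptions: FE0/FE1 are FastEthernet0/0 and FastEthernet0/1, the ACL number is arbitrary, and the addresses are constructed stand-ins for the post's masked ones (203.0.113.x for X.X.X.x, 192.168.10.x for a.a.a.x, 192.168.20.x for b.b.b.x).

```cisco
! Constructed stand-ins: 203.0.113.x = X.X.X.x, 192.168.10.x = a.a.a.x,
! 192.168.20.x = b.b.b.x. Interface names are assumed.
!
! ---- 2621 #1 (Internet edge) ----
interface FastEthernet0/0
 description Internet (NAT outside)
 ip address 203.0.113.1 255.255.255.248
 ip nat outside
!
interface FastEthernet0/1
 description LAN (NAT inside)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
! Goal 1: destination X.X.X.2 becomes a.a.a.2
ip nat inside source static 192.168.10.2 203.0.113.2
! Goal 2, first stage: destination X.X.X.3 becomes b.b.b.6
ip nat inside source static 192.168.20.6 203.0.113.3
! b.b.b.0/24 is reached through the second router
ip route 192.168.20.0 255.255.255.0 192.168.10.5
!
! ---- 2621 #2 (source NAT toward the server subnet) ----
interface FastEthernet0/0
 description a.a.a side (NAT inside)
 ip address 192.168.10.5 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description b.b.b side (NAT outside)
 ip address 192.168.20.1 255.255.255.0
 ip nat outside
!
! Goal 2, second stage: any source arriving from the a.a.a side is
! overloaded onto this router's own b.b.b.1 address
access-list 1 permit any
ip nat inside source list 1 interface FastEthernet0/1 overload
! Replies, once un-translated, go back out through router #1
ip route 0.0.0.0 0.0.0.0 192.168.10.1
```

Running `show ip nat translations` on each router lists the entries created by these rules, which is a quick way to confirm both translation stages are taking place. Because the server only ever sees b.b.b.1 as the source, the original client address has to be taken from those translation entries rather than from the server's own logs.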