Having woken up and reviewed the thread ... yes, the port swap mode is the way to go nowadays. trekhopd is not particularly applicable to most users. I once saw an ipchains masq module for Netrek, but port swap is a better solution because it fits the model of a firewall opening the return UDP path once it sees the outgoing traffic from the client.

--
James Cameron    mailto:quozl at us.netrek.org     http://quozl.netrek.org/