This is intended as a basic get-up-and-running tutorial for someone who wants to run multiple WAN IPs.

OK, this is how I did multi-NAT on a cheap router (Linksys WRT54GS).
(that is, multiple WAN IPs or multiple public IPs through a single router)

Not terribly complicated for someone that can follow directions and knows their way around a computer.

I spelled out (the best I could) how to do every step.


Using a Linksys box (or a box that can be hacked to a Linux command prompt)
I used my existing Linksys WRT54GS (version 1.1) to install OpenWrt (I think you can use DD-WRT or others). The object of doing this is to be able to issue the iptables command at the command prompt.

1. Find suitable hardware. A good place to look: http://wiki.openwrt.org/TableOfHardware

2. You may want to clear the port forwarding section of your router so that everything is done in the same place, in iptables.

3. Install (via the Linksys upgrade-firmware page, or a flashing utility, especially for Linksys v5-v6)

    - download from here (the latest release for your router version should work fine)
      http://downloads.openwrt.org
      I had to navigate to whiterussian - RC6 - bin and selected my file
      openwrt-wrt54gs-squashfs.bin (you may need the micro version...check your ROUTER VERSION)

    - for Linksys v5-v6 don't despair, someone created a flashing utility
      (go here http://www.bitsum.com/openwiking/owbase … G5_CFE#h7)

    - much more about installing here (probably wise to read)
      http://wiki.openwrt.org/OpenWrtDocs/Installing

    - open the router's upgrade page and browse to where you put the .bin file

    - begin the upgrade process and wait
      (When flashing, DO NOT stop the process, let it finish or ELSE you may have trouble ever using your router again)

4. Log in to the router via browser
   (it keeps the same password and settings from Linksys, but you can set the basics here if things get fouled up)

    - set the password while at it
      (to make sure)

    - verify/install packages (still in the browser)
      (I have these installed: ip ipkg iptables iptables-mod-extra iptables-utils)
        1. navigate to [categories:] -- System -- select installed software
        2. Update Package List
        3. scroll down and select install for any of the ones listed that you don't have

    - may as well make sure your IPs are still set (or set them): public and private
      (if you want to save any settings you must do two things:
        1. hit SAVE (saves to file system)
        2. hit APPLY (saves them to config and reloads config))

5. Open up PuTTY (SSH terminal window)
    - google putty
    - run it
    - go to your router's IP
      log in as user: root  password: [It'sYOURpassword]

6. Issue commands as necessary for your situation:
   (if you need help, type the command and -h, i.e. ip -h. If you get an error with that...go back and install the packages)

    - this sets up the secondary IPs (the first can be done via browser)
      ip addr add 169.168.167.2/24 dev vlan1    # here's my second
      ip addr add 169.168.167.3/24 dev vlan1    # here's my third

    - this routes the packet (DNAT rewrites its destination to the internal host)
      iptables -t nat -A PREROUTING -p tcp -d 169.168.167.2 --dport 80 -j DNAT --to-destination 192.168.0.10:80

    - this opens the port for forwarding
      iptables -I FORWARD -p tcp -d 192.168.0.10 --dport 80 -j ACCEPT

7. nvram commit (commits the configuration to non-volatile RAM so it survives reboot)


That's all I had to do...can't guarantee the same results but give it a try. You can completely flash your router back to normal as long as you're careful using TFTP. When flashing, DO NOT stop the process, let it finish or ELSE you may have trouble ever using your router again.

Have fun, learn more, and NAT on my friend, NAT on.

Aaron Gill



                
Here's the breakdown of the command:

iptables -t nat -A PREROUTING -p tcp -d 169.168.167.1 --dport 80 -j DNAT --to-destination 192.168.0.10:80

part of command    = meaning  [options for MULTINAT purposes]
-------------------------------------------------------------
-t                 = table
nat                = table name for the -t option
-A  (-I)           = Append (think "add this rule") or Insert
                     [-D = Delete this rule ...the rule must be exactly the same as with -A or it won't delete]
PREROUTING /       = routing stage (chain) at which this rule is implemented
FORWARD
-p                 = protocol
tcp                = the protocol for -p
                     [udp]
-d                 = destination IP
169.168.167.1      = incoming public IP address (WAN IP)
--dport            = specifically heading to port
80                 = the port for the --dport argument
-j                 = jump to location (the rule's target)
DNAT               = location for -j
                     [SNAT]
--to-destination   = to a destination of (IP address/range/ports etc.)
192.168.0.10:80    = IP address and port to go to on the NAT side
                     [can also just use the IP only......192.168.0.10
                      or a range of IPs.................192.168.0.5-192.168.0.50
                      or a range of ports...............192.168.0.10:80-90]
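
The step 6 commands, generalised to a table of mappings, as an added example that is not part of the original tutorial: the script only prints the ip and iptables lines so they can be reviewed before being run on the router. The `-i vlan1` match on both rules is an addition that limits them to packets arriving on the WAN interface; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints the step 6 commands for a table of port mappings.
# Nothing is executed here; review the output, then run it on the router.
WAN_DEV=vlan1     # WAN interface, as in the tutorial
WAN_PREFIX=24     # prefix length, as in the tutorial

# valid_port N: true if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules: stdin lines are "public_ip proto public_port private_ip private_port"
gen_rules() {
    seen=" "
    while read -r pub proto dport priv pport; do
        case "$pub" in ''|'#'*) continue ;; esac          # blank or comment
        case "$proto" in
            tcp|udp) ;;
            *) echo "# skipped (bad protocol): $pub $proto"; continue ;;
        esac
        if ! valid_port "$dport" || ! valid_port "$pport"; then
            echo "# skipped (bad port): $pub $dport -> $priv $pport"; continue
        fi
        case "$seen" in                                   # add each public IP once
            *" $pub "*) ;;
            *) echo "ip addr add $pub/$WAN_PREFIX dev $WAN_DEV"; seen="$seen$pub " ;;
        esac
        echo "iptables -t nat -A PREROUTING -i $WAN_DEV -p $proto -d $pub --dport $dport -j DNAT --to-destination $priv:$pport"
        echo "iptables -I FORWARD -i $WAN_DEV -p $proto -d $priv --dport $pport -j ACCEPT"
    done
}

# Constructed sample table; addresses follow the tutorial's pattern.
sample_map() {
    cat <<'EOF'
# public_ip    proto port private_ip   port
169.168.167.2  tcp   80   192.168.0.10 80
169.168.167.2  tcp   443  192.168.0.10 443
169.168.167.3  tcp   25   192.168.0.11 25
169.168.167.3  icmp  0    192.168.0.11 0
EOF
}

sample_map | gen_rules
```

Because -D only deletes a rule that matches exactly, keeping the mapping table as the single source makes it easy to regenerate the same lines later with -A and -I swapped for -D.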