Channel: SubVS.co.uk - ipcop

source nat on ipcop


Source NAT (SNAT) lets you present a different external IP address depending on the internal IP address. For example, you may have a few IP addresses on your ipcop and want a certain internal machine (e.g. a mail server) to use a different one, so you decide you need source NAT. It's pretty simple to set up once you know what chain to put it in on the ipcop!

To get it working without any mucking about, just log in with ssh and chuck something like this at it:

 /sbin/iptables -t nat -I REDNAT -s in.ter.nal.ip -o eth2 -j SNAT --to-source ex.ter.nal.ip

Where in.ter.nal.ip is the IP of the machine you want to have a different public IP, and ex.ter.nal.ip is the external IP you want it to have. You may also need to change the -o eth2 to match your internet-facing interface (or at least the one that the alias IP is on). You will also need to have set up your alias IPs already; this can be done in the web GUI.

That's it done. You may want to test this before making permanent changes, so you can either use something like lynx to go to www.whatismyip.com from the masqueraded internal machine, or ssh from the internal machine to an external machine and watch the auth log on that. There are lots of ways to verify, so please comment if you have some easier ones!

Once you are happy, just put the iptables command you used earlier into /etc/rc.d/rc.firewall.local. Now it will work each time you reboot as well.
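A pre-flight check for the steps above, as an added example that is not from the original post: it validates the two addresses and the interface name, confirms the external IP is actually configured on the interface, and only then prints the rule. It assumes iproute2's `ip` command is available on the firewall; the function names are hypothetical and the addresses are documentation ranges.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# alias_present ADDR: read `ip -4 -o addr show dev IFACE` output on stdin and
# succeed only if ADDR is configured there (exact match, prefix length ignored).
alias_present() {
    awk -v want="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == want) found = 1 } }
        END { exit (found ? 0 : 1) }'
}

# snat_rule INTERNAL IFACE EXTERNAL: print the post's rule, or fail on bad input.
snat_rule() {
    valid_ipv4 "$1" || { echo "bad internal ip: $1" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad external ip: $3" >&2; return 1; }
    case "$2" in
        ""|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $2" >&2; return 1 ;;
    esac
    echo "/sbin/iptables -t nat -I REDNAT -s $1 -o $2 -j SNAT --to-source $3"
}

# Constructed sample of `ip -4 -o addr show dev eth2` (documentation addresses).
SAMPLE='3: eth2    inet 203.0.113.10/29 brd 203.0.113.15 scope global eth2
3: eth2    inet 203.0.113.11/29 brd 203.0.113.15 scope global secondary eth2:1'

# On the firewall, pipe the real command instead of $SAMPLE.
if printf '%s\n' "$SAMPLE" | alias_present 203.0.113.11; then
    snat_rule 192.168.1.25 eth2 203.0.113.11
else
    echo "external ip is not configured on eth2; add the alias first" >&2
fi
```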

Thanks to David Sandor for the howto he did, it got me started in the right direction! I guess for an older version of ipcop: http://davidsandor.com/blogs/tipsandtricks/archive/2008/01/25/ipcop-ip-chains-mapping-an-internal-ip-to-an-external-alias-for-outbound-masquerading.aspx
