>We should be talking live. Why don't you join the #centos-social on freenode
>so we can chat real time?

Robert,

Just got back from my trip and reading that Tutorial, it went on to state what I now find to be two distinct opposite thoughts.

It says at http://iptables-tutorial.frozentux.net/chunkyhtml/c962.html that you shouldn't filter in the NAT Postrouting chain as some streams of packets only have their first packet hit the chain and everything else is redirected, hence the possibility exists that some packets can miss the rule.

It seems the Filter Forward chain is the safest place to limit what gets masq'ed so internal clients could only have say port 80/443 but no ftp access as an example.

What are your thoughts on this?

Thanks,
jlc
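
The layout the message above describes, as an added example that is not part of the original post: the port restriction sits in the filter table's FORWARD chain, which every forwarded packet traverses, and the nat POSTROUTING rule only translates. The function name `emit_ruleset` and the interface names `eth1` (LAN) and `eth0` (WAN) are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not touch the running firewall.
# Assumed names (not from the post): emit_ruleset, LAN interface eth1, WAN interface eth0.
# Assumption: clients resolve DNS through the gateway itself, so no udp/53 forward rule.

# emit_ruleset LAN_IF WAN_IF PORTS
#   PORTS is a comma-separated list of TCP ports, e.g. 80,443
emit_ruleset() {
    lan_if=$1 wan_if=$2 ports=$3

    # Accept only digits and commas so the list cannot carry extra rule options.
    case $ports in
        ''|*[!0-9,]*) echo "invalid port list: $ports" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Every forwarded packet traverses FORWARD, so the policy is enforced here.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only the first packet of a connection is evaluated here: translate, do not filter.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review (web only, so FTP on port 21 is never forwarded).
emit_ruleset eth1 eth0 80,443
```

The output can be checked with `iptables-restore --test` before loading; loading it replaces the existing filter and nat tables.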