Please respond to my email address "erich@uruk.org", as I'm not on the email list...

Sorry if this is a FAQ, but I couldn't figure this out from the HOWTO, FAQs I could find, nor from the experimentation I've done so far (though it arguably hasn't been exhaustive).

My question is:

On a Redhat 8.0 machine (most recent patch kernel, based on 2.4.18) with 2 ethernet cards "eth0" and "eth1", I want to Masquerade/NAT connections originating from the eth1 side going out the eth0 side ONLY.

I figured out how to keep masquerading only going one direction, but what I can't figure out is how to disable all normal packet forwarding other than the masqueraded connections with iptables. I.e. someone on the other side who knows my internal IP addressing can still send crafted packets through my firewall.

Telling the "FORWARD" rule to drop all packets blocks the masq/NAT connections. The same thing happens if I only tell it to drop packets that come from eth0 and go out eth1.

So, I'm not quite sure how to do this... can someone help here?

Thanks...

--
Erich Stefan Boleyn <erich@uruk.org> http://www.uruk.org/
"Reality is truly stranger than fiction; Probably why fiction is so popular"
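
Added example, not part of the original post: one way to get the behaviour asked about is a default-drop FORWARD chain whose only exceptions match on connection-tracking state, so replies to masqueraded connections pass while unsolicited packets arriving on eth0 do not. It assumes the kernel provides the iptables `state` match and that the MASQUERADE rule already in the nat table stays as it is; the function name and the `IPT` dry-run variable are made up for this example.

```shell
#!/bin/sh
# Added example. eth0 = outside, eth1 = inside, as in the post.
# By default this is a dry run that only prints each command.
# Run as root with IPT=iptables to apply the rules for real.
IPT="${IPT:-echo iptables}"

# forward_only_masqueraded EXT_IF INT_IF   (hypothetical helper name)
forward_only_masqueraded() {
    ext="$1"
    int="$2"
    # Refuse missing or identical interface names.
    [ -n "$ext" ] && [ -n "$int" ] && [ "$ext" != "$int" ] || return 2

    # Anything not explicitly accepted below is dropped.
    $IPT -P FORWARD DROP
    # Start from an empty chain (this removes existing FORWARD rules).
    $IPT -F FORWARD

    # Packets that conntrack cannot associate with any connection.
    $IPT -A FORWARD -m state --state INVALID -j DROP

    # Inside -> outside: the only direction allowed to open connections.
    $IPT -A FORWARD -i "$int" -o "$ext" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # Outside -> inside: only replies to connections opened from inside
    # (ESTABLISHED) or traffic tied to them, such as ICMP errors (RELATED).
    # A packet crafted for an internal address is NEW here, matches
    # nothing, and falls through to the DROP policy.
    $IPT -A FORWARD -i "$ext" -o "$int" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

forward_only_masqueraded eth0 eth1
```

After applying, `iptables -L FORWARD -v -n` shows per-rule packet counters, which makes it easy to confirm that return traffic is hitting the ESTABLISHED,RELATED rule rather than the policy.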