This is what makes it all worth while :-> -----Original Message----- From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Kleiner, Peter Sent: Thursday, December 04, 2003 2:49 PM To: 'netfilter@xxxxxxxxxxxxxxxxxxx' Subject: RE: YAPFQ (Yet Another Port forwarding Question) > 1. Is the firewall that you're configuring the default route for the > IMAP server? No. > If it isn't, then you have to SNAT the initial connection to the IMAP > server. You nailed it!!!! Tried that, and it worked instantly. Now that you suggested it, it makes perfect sense that the packets were coming into the IMAP server with the public IP address and it (the server) was replying to that ip address via its default route, which is other than the new gateway. Thank you thank you thank you!!!!! > 2. It probably isn't such a good habbit to use MASQ so liberally. You > should make sure to tie it to an interface. It is a good habbit to get > into especially when you have many-many-many homed machines. I have a much more extensive firewall script that I use, which locks things down much more tightly. I just wanted to get the port forwarding issue figured out before I lock the sucker down. Did I thank you yet? Thanks!!!!!! I've spent hours trying to figure this out, including switching (needlessly) from RH9 to Slackware. I'm so silly..... PK