Hi again I'm probably thinking to much here but I've got a bit of a problem with allowing traffic from my local network out to the Internet. Currently I've got the following rules which should do that: # Allow traffic from LAN to WAN $IPT -t nat -A PREROUTING -i $LAN -s $LOCAL_NET -j ACCEPT $IPT -t filter -A FORWARD -i $LAN -o $WAN -s $LOCAL_NET -j ACCEPT $IPT -t nat -A POSTROUTING -o $WAN -s $LOCAL_NET -j MASQUERADE My problem is with the first rule, where I'm uding the "nat" table but I'm not doing any NATing, more like filtering since I only pass some packets. And filtering is not supposed to be done in the "nat" table but on the other hand there is no filter table in PREROUTING. But the alternative would be to have a ACCEPT policy in the PREROUTING-chain and do all the filtering in the FORWARD-chain, which is kind of unnecessary since a number of packets would then have to travel through a number of rules (larger than the number of rules in the PREROUTING-chain) just to be droped in the end. So is my rule OK to use or would you do in any other way? -- Erik Wikström
