http://iptables-tutorial.frozentux.net

could not find a better one ;)

I hope you know how to manage tables by now. The point is - you should define an INPUT and OUTPUT table for all ppp interfaces that will be created as users connect to your box. Then you should allow traffic to be forwarded between ppp+ (it stands for ppp1 and ppp2 and ppp3 etc.) and your external interface. If you already have a rule for MASQ - it should be working.

In my setup I masquerade only IP addresses of connected clients. Those who are not connected with pptp don't get any internet access.

I hope I could help you ;) the rules shouldn't be too heavy to implement ;)

Regards,

Edvin

-----Original Message-----
From: Matthew Price [mailto:mandtprice@xxxxxxxxx]
Sent: Thursday, 03 November 2005 19:26
To: edvin.seferovic@xxxxxxx
Subject: Re: NAT between incomming PPP and office network

On 11/3/05, Seferovic Edvin <edvin.seferovic@xxxxxxx> wrote:
> Hi,
>
> I've set up a similar box. I've used ip-up and ip-down scripts to
> enter/remove a rule that contains SNATing of ppp client address. Also I have
> allowed traffic to be forwarded between ext_dev and ppp+, as well as INPUT
> and OUTPUT policies for ppp+ devices set to ALLOW. Maybe you've missed one
> of those.
>
> Regards,
>
> Edvin Seferovic
>

Thanks for the quick reply. If you don't mind, what exactly would the iptables command look like to accomplish those rules? I've read so many man pages and howto's that my head hurts, but is not fuller. :(

Is there a good source of info for the 2.6 iptables implementation? It seems everything is either really or just somewhat old.

Matthew
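
The setup described in this thread (ACCEPT rules for ppp+, forwarding between ppp+ and the external interface, and a per-client SNAT rule entered and removed from ip-up/ip-down), written out as an added example that is not part of either message. The interface eth0, the address 203.0.113.10, the function names and the ESTABLISHED,RELATED restriction on return traffic are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: eth0 as the external
# interface and 203.0.113.10 (a documentation address) as its public IP.
EXT_DEV="${EXT_DEV:-eth0}"
EXT_IP="${EXT_IP:-203.0.113.10}"
IPT="${IPT:-iptables}"
RUN="${RUN-echo}"   # dry run by default: print each command; RUN= executes

# Rules loaded once at boot; "ppp+" matches every pppN interface.
ppp_static_rules() {
    $RUN "$IPT" -A INPUT  -i ppp+ -j ACCEPT
    $RUN "$IPT" -A OUTPUT -o ppp+ -j ACCEPT
    $RUN "$IPT" -A FORWARD -i ppp+ -o "$EXT_DEV" -j ACCEPT
    # Assumption: replies only on the way back in, tighter than the thread's
    # plain "forward between ext_dev and ppp+".
    $RUN "$IPT" -A FORWARD -i "$EXT_DEV" -o ppp+ \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Per-client SNAT rule. $1 is -A (ip-up) or -D (ip-down), $2 the client IP.
ppp_client_snat() {
    case "$1" in -A|-D) ;; *) return 2 ;; esac
    # Refuse anything that is not digits and dots before it reaches iptables.
    case "$2" in ''|*[!0-9.]*) return 2 ;; esac
    $RUN "$IPT" -t nat "$1" POSTROUTING -s "$2/32" -o "$EXT_DEV" \
        -j SNAT --to-source "$EXT_IP"
}

# pppd calls ip-up/ip-down with: ifname tty speed local-ip remote-ip ipparam.
# Installed under those names, this file applies the rule for real.
case "${0##*/}" in
    ip-up)   RUN=; ppp_client_snat -A "$5" ;;
    ip-down) RUN=; ppp_client_snat -D "$5" ;;
esac
```

Because the SNAT rule exists only while a client's link is up, hosts that are not connected over PPTP match no NAT rule, which is the behaviour Edvin describes for his setup.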