Hi guys, thanks for everything.

I have this problem with iptables:

I have a LAN with 10 PCs (running Win9x) with IPs 10.10.10.2 etc. Three days ago Telecom installed ADSL at my farm (using a Cisco ADSL router). I want to create a firewall and use NAT for the PCs. I built a PC with Slackware 10.1 and wrote this script:

----Information LAN--------
eth0: 10.10.10.50 netmask 255.255.255.0 (ETH0 IS CONNECTED TO THE SWITCH)
eth1: 178.133.80.74 netmask 255.255.255.248 (STATIC IP, GIVEN TO ME BY TELECOM)
gateway 78.133.80.73 netmask 255.255.255.248 (GATEWAY IP, GIVEN TO ME BY TELECOM)
DNS 151.99.125.1 (DNS IP, GIVEN TO ME BY TELECOM)

------SCRIPT FOR ETHERNET CONFIGURATION----------------
//ETHERNET INTERFACE file conf.ps
#!/bin/bash
ifconfig eth0 10.10.10.50 netmask 255.255.255.0
ifconfig eth1 178.133.80.74 netmask 255.255.255.248
route add -net default gw 178.133.80.73 netmask 255.255.255.248
# END SCRIPT CONF.PS

//--- I WROTE IN /etc/resolv.conf
NAMESERVER=151.99.125.1

//--------FIREWALL SCRIPT firewall.ps
#!/bin/bash
IPTAB=iptables
NAMESERVER=151.99.125.1
IPADD=178.133.80.74

# IMPORTANT UTILITY
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

# CLEAR ALL
$IPTAB -F
$IPTAB -X
$IPTAB -Z
$IPTAB -t nat -F
$IPTAB -t nat -X

# DROP ALL
$IPTAB -P INPUT DROP
$IPTAB -P FORWARD DROP
$IPTAB -P OUTPUT DROP
$IPTAB -A INPUT -i lo -j ACCEPT
$IPTAB -A OUTPUT -o lo -j ACCEPT

# FROM LAN TO INTERNET
$IPTAB -A INPUT -s 10.10.10.0/24 -i eth0 -j ACCEPT

# FORWARDING
$IPTAB -A FORWARD -i eth0 -s 10.10.10.0/24 -j ACCEPT
$IPTAB -A FORWARD -i eth1 -d 10.10.10.0/24 -j ACCEPT

# QUERY DNS (SERVER -> CLIENT)
$IPTAB -A INPUT -i eth1 -p udp -s $NAMESERVER --sport 53 -m state --state ESTABLISHED -j ACCEPT
$IPTAB -A INPUT -i eth1 -p tcp -s $NAMESERVER --sport 53 -m state --state ESTABLISHED

# QUERY DNS (CLIENT -> SERVER)
$IPTAB -A OUTPUT -o eth1 -p udp -d $NAMESERVER --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTAB -A OUTPUT -o eth1 -p tcp -d $NAMESERVER --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

# HTTP AND HTTPS
$IPTAB -A INPUT -i eth1 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
$IPTAB -A OUTPUT -o eth1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTAB -A INPUT -i eth1 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
$IPTAB -A OUTPUT -o eth1 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

# NAT
$IPTAB -t nat -A POSTROUTING -o eth1 -s 10.10.10.0/24 -j SNAT --to $IPADD
# end

WHEN I START THE FIREWALL THE CLIENT CAN'T GET TO THE INTERNET, HELP ME !!!!

P.S. excuse me for my bad English

REGARDS
MICOL

Thanks a lot
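
Added example, not part of the original post: a small shell lint over rules written in the style of the script above. It flags a rule that has no -j target (such a rule only counts packets and takes no action) and a FORWARD ACCEPT rule on the WAN interface that has no state match. The sample rules are constructed from the post's script with its variables expanded; the function names and finding codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): lint iptables "-A" rule lines.
WAN_IF=eth1   # WAN interface name as used in the post

# Constructed sample: five rules copied from the post, variables expanded.
sample_rules() {
cat <<'EOF'
-A FORWARD -i eth0 -s 10.10.10.0/24 -j ACCEPT
-A FORWARD -i eth1 -d 10.10.10.0/24 -j ACCEPT
-A INPUT -i eth1 -p udp -s 151.99.125.1 --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -s 151.99.125.1 --sport 53 -m state --state ESTABLISHED
-A INPUT -i eth1 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# has RULE TOKENS: true if TOKENS appears as whole words in RULE.
has() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# lint_rules: read rules on stdin, print "line N: CODE: rule" per finding.
lint_rules() {
  n=0
  while IFS= read -r rule; do
    n=$((n + 1))
    case "$rule" in "-A "*) ;; *) continue ;; esac
    # A rule without -j/-g only updates counters; the packet falls through
    # to later rules and finally to the chain policy.
    if ! has "$rule" "-j" && ! has "$rule" "-g"; then
      echo "line $n: NO_TARGET: $rule"
      continue
    fi
    # ACCEPT on traffic arriving from the WAN with no state match also
    # admits packets that start new connections toward the LAN.
    if has "$rule" "-A FORWARD" && has "$rule" "-i $WAN_IF" &&
       has "$rule" "-j ACCEPT" && ! has "$rule" "--state" &&
       ! has "$rule" "--ctstate"; then
      echo "line $n: WAN_FORWARD_NO_STATE: $rule"
    fi
  done
}

# count_findings CODE: number of findings with that code in the sample.
count_findings() { sample_rules | lint_rules | grep -c "$1"; }

sample_rules | lint_rules
```

A stateful form of the flagged forward rule adds `-m state --state ESTABLISHED,RELATED` so that only replies to LAN-initiated connections are forwarded inward.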