John,

This is exactly where my confusion lies... I thought that

> $IPT --table nat --append POSTROUTING --out-interface $EXTNIC -j MASQUERADE
>
> $IPT --append FORWARD --in-interface $INTNIC -j ACCEPT

Would basically allow all of the traffic to go through. Can you point me to a proper tutorial or example on how to properly do this?

Thanks,
John

> After a very quick look, it appears that you are allowing outbound traffic from the internal NIC but where are you allowing the reply packets? Do you have a RELATED,ESTABLISHED rule anywhere? - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

If you would like to participate in the development of an open source enterprise class network security management system, please visit http://iscs.sourceforge.net
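The point raised in the quoted reply, as an added example that is not part of the original thread: the two rules from the message plus a return-path rule that accepts only RELATED,ESTABLISHED packets coming back in on the external NIC. Assumptions: the FORWARD policy is DROP, the interface names `eth0`/`eth1` and the function names are hypothetical, the `conntrack` match is used where older scripts use `-m state --state`, and `$IPT` defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example; names and defaults below are assumptions, not from the thread.
IPT="${IPT:-echo iptables}"   # dry run by default; run as root with IPT=iptables to apply
EXTNIC="${EXTNIC:-eth0}"      # external (Internet-facing) interface, hypothetical name
INTNIC="${INTNIC:-eth1}"      # internal (LAN) interface, hypothetical name

# Print the iptables arguments, one rule per line.
#   $1 = external interface, $2 = internal interface
nat_forward_rules() {
    cat <<EOF
--policy FORWARD DROP
--table nat --append POSTROUTING --out-interface $1 -j MASQUERADE
--append FORWARD --in-interface $2 --out-interface $1 -j ACCEPT
--append FORWARD --in-interface $1 --out-interface $2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}
# Rule 1: assumed default-deny for forwarded traffic.
# Rule 2: source-NAT everything leaving via the external interface.
# Rule 3: new connections may only start from the internal side.
# Rule 4: replies (and related traffic such as ICMP errors) to those
#         connections are let back in; unsolicited inbound packets still
#         fall through to the DROP policy.

# Run each rule through $IPT and stop at the first failure.
apply_rules() {
    while read -r rule; do
        # $rule is intentionally unquoted so it splits into arguments
        $IPT $rule || return 1
    done <<EOF
$(nat_forward_rules "$EXTNIC" "$INTNIC")
EOF
}

apply_rules
```

With a real `iptables`, `iptables -L FORWARD -v -n` shows per-rule packet counters, which confirms whether reply traffic is matching the RELATED,ESTABLISHED rule.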