The first rule changes the source address so the packet can traverse the internet. The second rule is allowing the outbound packet but you will need a rule to allow the reply packets such as: iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT You can find an excellent tutorial at http://iptables-tutorial.frozentux.net There are also some slightly dated training slide shows in the training section of the ISCS network security management project web site at http://iscs.sourceforge.net Hope it helps - John On Sat, 2005-12-24 at 14:29 -0800, John P. Lang wrote: > John, > > This is exactly where my confusion lies... I thought that > > > $IPT --table nat --append POSTROUTING --out-interface $EXTNIC -j > MASQUERADE > > > > $IPT --append FORWARD --in-interface $INTNIC -j ACCEPT > > Would basically allow all of the traffic to go through. > Can you point me to a proper tutorial or example on how to properly do this? > > Thanks, > John > > > > After a very quick look, it appears that you are allowing outbound > traffic from the internal NIC but where are you allowing the reply > packets? Do you have a RELATED,ESTABLISHED rule anywhere? - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan@xxxxxxxxxxxxxxxxxxx Financially sustainable open source development http://www.opensourcedevel.com