On Sun, September 10, 2006 04:21, varun wrote:
> Yes I did all that you suggested.
> I think OUTPUT should allow tcp and udp out? What do you think?

It should allow out what you need, but most people leave its policy at ACCEPT without any rules because it's easier.

AFAICS, when you have the appropriate state rules in the INPUT and OUTPUT chains, having an ACCEPT rule for tcp dport 22 should allow you to set up an ssh connection to a remote server. Having ACCEPT rules for tcp/udp dport 53 should enable you to do DNS lookups.

Again, if that doesn't work, insert a logging rule at the end (before the DROP) of the chain to see *what* gets dropped (and post it here).

Gr,
Rob
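The rule order described in the message above, as an added example that is not part of the original e-mail. It assumes the chain ends in an explicit DROP rule; the `IPT` variable, the function names and the `OUT-DROP:` log prefix are hypothetical. By default it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the original message): a restricted OUTPUT chain
# with state rules, ssh and DNS allowed out, and a LOG rule before the DROP.
# Assumption: IPT defaults to a dry run that prints each command.
# Run as root with IPT=iptables to apply the rules instead of printing them.
IPT="${IPT:-echo iptables}"

ruleset() {
    # State rules: accept packets that belong to connections already tracked,
    # so replies to allowed outbound traffic are not dropped on the way back.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New outbound ssh connections to remote servers.
    $IPT -A OUTPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # DNS lookups: udp for normal queries, tcp for large answers.
    $IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

    # Logging rule at the end of the chain, directly before the DROP, so that
    # every packet about to be dropped shows up in the kernel log first.
    $IPT -A OUTPUT -j LOG --log-prefix OUT-DROP:

    # Assumption: the chain ends in an explicit DROP rule.
    $IPT -A OUTPUT -j DROP
}

# Position (1-based) of the first generated rule matching a fixed string.
# Useful for checking that the LOG rule really sits just before the DROP.
rule_line() {
    ruleset | grep -n -F -- "$1" | head -n 1 | cut -d: -f1
}

# Dry run: print the commands in the order they would be appended.
ruleset
```

With the rules applied, dropped packets appear in the kernel log (for example via `dmesg`) tagged with the prefix, which shows which protocol and destination port still needs an ACCEPT rule.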