Heelo Grant, > What is your FORWARD chain's default policy? That would be DROP: Chain FORWARD (policy DROP) > What does netstat have to say about the connection(s)? On the targeted ssh server (behind the firewall), while being outside ssh'ing in, nothing gets there: tcp6 0 0 *:ssh *:* LISTEN root 5858 2462/sshd tcp6 0 0 placard:ssh ::ffff:192.168.1.1:3280 ESTABLISHEDroot 82534 13605/sshd: olivier Of course, if I disable those 2 new rules, everything's fine, just like it has always been: I sure can connect from the outiside, Port forwarding and all is up and running. tcp6 0 0 *:ssh *:* LISTEN root 5858 2462/sshd tcp6 0 0 placard:ssh -----outside-----:32923 ESTABLISHEDroot 96601 16381/sshd: olivier tcp6 0 0 placard:ssh ::ffff:192.168.1.1:3280 ESTABLISHEDroot 82534 13605/sshd: olivier Thanks for your time, -- Olivier K
