Hi,

These are my current rules:
http://lab.vectoris.fr/projects/vectoris/browser/IPTables/trunk/firewall
(It's a big mess yet because I miss one feature: MSN. I'll clean it later)

The box it's running on is the gateway of the LAN to the Internet.
As you noticed, FORWARD is DROP by default.

I would like to allow MSN to my LAN users.

The problem:
If I "FORWARD -P ACCEPT", MSN works for the LAN users.
If I use it as it is now, MSN doesn't work.
Anyway, when setting the MSN LAN clients to use HTTP, it's OK with this config.

Any tips?

Thank you.

PS: no comments on the crappy Facebook DROP ;-).

--
Project manager at Vectoris
Phone: +261 33 11 207 36
System: xUbuntu 8.10 with almost all from package install
http://www.google.com/search?q=mihamina+rakotomandimby