Hi,

I am going to set up my own firewall script on my SuSE 7.3 box using iptables in order to get familiar with iptables. I have two NICs set up:

eth0 192.168.0.0/24, connected to my private LAN with 192.168.0.250 assigned to eth0
eth1 192.168.1.0/24, connected to my DSL modem with 192.168.1.250 assigned to eth1

At the beginning I would like to achieve the following:

1. blocking all incoming requests to ports 0-1023 with
2. masquerading, so all clients on my network can talk to the net via eth1

The first point can be done with

    iptables -A INPUT -p tcp --dport 1:1023 -j DROP

the second with

    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

right?

What I don't understand is how to "route" packets between eth0 & eth1, so packets from/to the internet are routed via eth1 *WITHOUT* bypassing my firewall. Is "echo 1 > /proc/sys/net/ipv4/ip_forward" the right choice?

Regards,
Jens
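
The setup described in the post, as an added example that is not part of the original message: packets routed between eth0 and eth1 traverse the FORWARD chain rather than INPUT, so routed traffic is filtered there once ip_forward is enabled. The FW_APPLY switch, the helper names, and limiting the INPUT rule to eth1 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Interfaces and subnet are the ones
# the post gives; FW_APPLY, rule() and the function names are assumptions.
LAN_IF=eth0              # private LAN side
WAN_IF=eth1              # DSL modem side
LAN_NET=192.168.0.0/24
FW_APPLY=${FW_APPLY:-0}  # 0 = print the commands, 1 = run them (needs root)

# Run one iptables command, or print it in dry-run mode.
rule() {
    if [ "$FW_APPLY" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

build_firewall() {
    rule -F INPUT
    rule -F FORWARD
    rule -t nat -F POSTROUTING

    # Traffic addressed to the firewall box itself traverses INPUT.
    # Limiting the rule to the external interface is an assumption here.
    rule -A INPUT -i "$WAN_IF" -p tcp --dport 1:1023 -j DROP

    # Routed traffic never traverses INPUT; it traverses FORWARD, so the
    # default there is DROP and only the wanted flows are accepted.
    rule -P FORWARD DROP
    rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    rule -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Rewrite the source address of LAN traffic leaving via the external NIC.
    rule -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Turn on routing between the interfaces; done last so the rules are
# already in place when the kernel starts forwarding.
enable_forwarding() {
    if [ "$FW_APPLY" = 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

build_firewall
enable_forwarding
```

Run without FW_APPLY set, the script only prints the commands for review; with FW_APPLY=1 and root privileges it applies them.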