I'm having a problem with ipchains. The problem is that if I uncomment the line "ipchains -P input REJECT", then the masquerading entries quit working (kind of): I can still masq to a telnet session, but nothing else. Here's what I've got (where $extip is the IP address of the external adapter (eth0)). Any help is much appreciated.

David Scott

#
# config:
# 192.168.100.0/16 -> eth1
# xxx.xxx.xxx.xxx/32 -> eth0 (internet)
#
ipchains -F input
ipchains -F output
ipchains -F forward
ipchains -A input -i !lo -j DENY
ipchains -A output -i !lo -j DENY
ipchains -M -S 7200 10 60
ipchains -P forward DENY
ipchains -A forward -s 192.168.100.0/24 -i eth0 -j MASQ
ipchains -A forward -i lo -j ACCEPT
ipchains -A input -p icmp --icmp-type destination-unreachable -j ACCEPT
ipchains -A input -p icmp --icmp-type source-quench -j ACCEPT
ipchains -A input -p icmp --icmp-type time-exceeded -j ACCEPT
ipchains -A input -p icmp --icmp-type parameter-problem -j ACCEPT
ipchains -A input -p icmp ! -s 192.168.100.0/24 --icmp-type echo-request -j REJECT
#
# accept DNS traffic on both UDP and TCP
#
ipchains -A input -p udp -s xxx.xxx.xxx.xxx 53 -j ACCEPT
ipchains -A input -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
#
# accept incoming SMTP, GLFTPD, TELNET, AUTH requests
# since tcp-wrappers handle the security for most of these
#
ipchains -A input -p tcp -d $extip smtp -j ACCEPT
ipchains -A input -p tcp -d $extip www -j ACCEPT
ipchains -A input -p tcp -d $extip glftpd -j ACCEPT
ipchains -A input -p tcp -d $extip telnet -j ACCEPT
ipchains -A input -p tcp -d $extip auth -j ACCEPT
ipchains -A input -p tcp -d $extip 6363 -j ACCEPT
ipchains -A input -p udp -d $extip 6363 -j ACCEPT
ipchains -A input -p tcp -d $extip ssh -j ACCEPT
ipchains -A input -p TCP -d $extip 6000 -j REJECT
ipchains -A input -p TCP -d $extip netbios-ssn -j REJECT
ipchains -A input -p TCP -d $extip time -j REJECT
ipchains -P input REJECT