Hi Volker, Thank you very much for your advice! I had to add the following commands to let it work: ipchains -A forward -s 192.168.3.0 -s 192.168.11.0 -j ACCEPT ipchains -A forward -s 192.168.11.0 -s 192.168.3.0 -j ACCEPT ipchains -L forward now looks like: Chain forward (policy DENY): target prot opt source destination ports fw_masq all ------ 192.168.11.0/24 0.0.0.0/0 n/a fw_masq all ------ 192.168.3.0/24 0.0.0.0/0 n/a ACCEPT all ------ 192.168.11.0/24 192.168.3.0/24 n/a ACCEPT all ------ 192.168.3.0/24 192.168.11.0/24 n/a DENY all ----l- 0.0.0.0/0 0.0.0.0/0 n/a Is this OK? Now I can ping, telnet, whatever over the two subnets. In addition to this, is there a way to route broadcasts to the other subnet? Yours Daniel -- ************************************************* * Daniel Jung * Daniel.Jung@dj-web.de * * Linux-User: #118180 * http://fly.to/dulcian * *************************************************