Alan Davies
Question 1: Why did I need to restart the LINUX box? The documentation states that I could either restart OR echo 1 to the proc/sys file.
You didn't, but maybe you needed to rerun one of the init.d scripts that was looking at that file and doing something else with it.
iptables -L fails to list anything but empty descriptors after issuing this command - when I rather expected it to show what I had entered.
What exactly does it show? I have never had a message about empty descriptors from iptables, as far as I can recall.
Question 2: Why does iptables not list this rule and
AFAICT, it should.
Question 3: Why can I still not get echo replies from external ip addresses (except our servers)?
Something isn't yet configured correctly?
I suspect I am overlooking the obvious - and of course I lay open my ignorance in these matters for you to chuckle about as a reward for pointing me in the right direction (probably retirement!).
You may prefer to set this up through another program like shorewall, as getting iptables just right can be a bit of an ordeal, while things like shorewall have tests and can point out some errors before they are put into the filters. shorewall is definitely available for Mandrake and Debian, and probably much else.

Can you please not send HTML to the list? Thanks.

-- 
MJR/slef   My Opinion Only and possibly not of any group I know.
http://mjr.towers.org.uk/   jabber://slef@jabber.at
Creative copyleft computing services via http://www.ttllp.co.uk/
Thought: "Changeset algebra is really difficult."