All, I am having a problem that I hope someone could shed some light on. I have a machine running 3COM VPN software behind a SuSE 7.3 system running the 2.4.20 kernel. I am having a problem writing the appropriate rules that will allow this machine to talk to a VPN server that is sitting on the outside world. I know I have to write a protocol 47 rule, but am not sure the exact syntax. I tried the following: iptables -A FORWARD -i eth0 -o eth1 -p 47 -j ACCEPT However, running a tcpdump while trying the connection shows: 172.16.0.1 > 172.16.0.16: icmp: x.x.x.x protocol 47 port 34827 unreachable (x.x.x.x = outside address) Do I need to add additional support rules, or is my syntax just incorrect? Any assistance that can be offered is greatly appreciated. Drew