Helo Folks, I still got a problem to set iptables for my Proxy Squid. All other doing well, but I think with Squid I have an understanding problem. My Gateway has three nic`s. IF_WAN="ppp0" DSL IF_EXT="eth0" is extern were ppp0 talks pppoe for dsl. IF_DMZ="eth1" is DMZ IF_LAN="eth2" is LAN My conception is squid runs as an lokal service on this Gateway. So I have to write a rule with --dport 3128 for an INPUT way to and an OUTPUT way back on Interface eth2, because Squid is running as an lokal service. Squid himself has to leave that Gateway to the Internet on Interface $IF_WAN with --dport 80 to --sport 80 and comes back as it goes. The meens to write a rule with OUTPUT and INPUT on $IF_WAN. But it doesn`t work. I also think about a FORWARD rule but is my conception so wrong?? Dirk