Hi, I want to forbid single Computers connection to internet. Therefore I did the following: Computer E00, wegerich www-proxy E01... 192.168.8.240--+ 192.168.8.241--+---192.168.8.8<-->192.168.254.1----192.168.254.2<-->Internet ... We use internal IP-Adresses 192.168.x.y; Router wegerich is necessary, because 2 other schools are connect via this router. www-proxy is NOT administered by us. squid is running on www-proxy, masquerading is activated on all ports, so that surfing is possible withot proxy. Now I want to disable Internet-Connection via http for a single computer by using forwarding-rules on wegerich. # disable proxy, works! /sbin/ipfwadm -F -a reject -P tcp -S e00 -D 192.168.251.2 81 # enable web-server, works /sbin/ipfwadm -F -a accept -S e00 -D 192.168.251.2 # disable rest of the world, doesn't work /sbin/ipfwadm -F -a reject -P tcp -S e00 -D 0.0.0.0 why does the last rule not work and connection (http) is possible via masquerading? Jens Leilich --- jens.leilich@bbst1.lu.rp.schule.de, http://bbst1.lu.rp.schule.de BBS Technik I Ludwigshafen, Franz-Zang-Str. 3-7, 67059 Ludwigshafen Telefon +49 621 504-4110 (Anrufbeantworter) (Answering Machine) +49 621 504-4101 (Sekretariat) Telefax +49 621 504-3789