On Sun, 10 Mar 2002, Michael Stern wrote:

...

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

do you think that's enough?

On second glance: no, I overlooked that there was no FORWARD rule that allows starting an outgoing connection. (Like: iptables -A FORWARD -o ppp0 -j ACCEPT)

the FORWARD chain's default policy is already ACCEPT?!

Oops - I didn't see that (I usually use default policy DROP on all chains); so the FORWARD rules have no effect at all (unless there are some packet-DROPping rules later in the chain). So the error has to be somewhere else... One shot in the dark: is the default route on the workstation set correctly? When I started playing around with masquerading/port forwarding, I tended to occasionally forget that... What does /var/log/messages say - any dropped packets? Martin