Hi Sridhar, try to "jump" from the forward chain and not from the output chain; your syntax error is "web" and "forward" are chains and you cannot concatenate 2 chains :-) regards gerhard Sridhar am 27.09.2000 19:05:09 Bitte antworten an omicron@symonds.net An: suse-security@suse.com Kopie: Thema: [suse-security] internet gateway--ipchains hi i have a gateway for the internet. and also an internal machine , both running linux with ipchains . i want to set up masquerading in the gateway for the internal comp. i set up the masq in the forward chain of the gateway, but how do i tell to recognise the gateway ? i tried settingit up so that , every packet from the internal machine whose destination is _not_ the gateway must be forwarded to the gateway. but somehow i think i'm wrong in giving the command. on the internal machine, i tried.. #ipchains -N web #ipchains -A output -b -d 192.168.1.2 -i lo ACCEPT #ipchains -A input -b -d 192.168.1.2 -i lo ACCEPT # ipchains -A output -d ! 192.168.1.1 -i eth1 -j web #ipchains -A forward ACCEPT the below one is causing problem... **** # ipchains -A web forward 192.168.1.1 this is not working. there is a syntax error somewhere.. can u help ? --cheedu -- Optimist ? No... Pessimist ? No... Opportunist ? *Yes* !! :D Sridhar omicron@cheedu.dyndns.org ------------------------------------------------------------------------ Gerhard Possler