hi i have a gateway for the internet. and also an internal machine , both running linux with ipchains . i want to set up masquerading in the gateway for the internal comp. i set up the masq in the forward chain of the gateway, but how do i tell to recognise the gateway ? i tried settingit up so that , every packet from the internal machine whose destination is _not_ the gateway must be forwarded to the gateway. but somehow i think i'm wrong in giving the command. on the internal machine, i tried.. #ipchains -N web #ipchains -A output -b -d 192.168.1.2 -i lo ACCEPT #ipchains -A input -b -d 192.168.1.2 -i lo ACCEPT # ipchains -A output -d ! 192.168.1.1 -i eth1 -j web #ipchains -A forward ACCEPT the below one is causing problem... **** # ipchains -A web forward 192.168.1.1 this is not working. there is a syntax error somewhere.. can u help ? --cheedu -- Optimist ? No... Pessimist ? No... Opportunist ? *Yes* !! :D Sridhar omicron@cheedu.dyndns.org ---------------------------------------------------