Hello List, I'm trying to build a firewall with ipchains which also should masqerade an internal net. The problem is that I can't ping from inside to the outside. I was able to ping from the inside to the firewall and from the firewall to the outside. If I use a "firewall" like ipchains -F ipchains -P input ACCEPT ipchains -P output ACCEPT ipchains -P forward ACCEPT ipchains -A forward -i $EXTERNAL_INTERFACE -s $INTERN -j MASQ I'm able to ping from inside to outside. In my "real" firewall, I tried it the same way like ssh, which works fine, but ssh has tcp as protokoll and not icmp like ping. My configuration for ssh is the following which works fine ipchains -A input -i $INTERNAL_INTERFACE -p tcp -s $INTERN $SSH_PORTS \ -d $ANYWHERE 22 -j ACCEPT ipchains -A output -i $INTERNAL_INTERFACE -p tcp ! -y -s $ANYWHERE 22 \ -d $INTERN $SSH_PORTS -j ACCEPT ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -s $EXT_IPADDR $UNPRIVPORTS \ -d $ANYWHERE 22 -j ACCEPT ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y -s $ANYWHERE 22 \ -d $EXT_IPADDR $UNPRIVPORTS -j ACCEPT ipchains -A forward -i $EXTERNAL_INTERFACE -p tcp -s $INTERN $SSH_PORTS \ -d $ANYWHERE 22 -j MASQ I don't want to use a general rule like ipchains -A forward -i $EXTERNAL_INTERFACE -s $INTERN -j MASQ, And converting the rule from ssh/tcp to ping/icmp doesn't work. (I think it's also because of sending ICMP 8 and receiving ICMP0) TIA Guido