OK, I have an i586 running SuSE 8.0 (2.4.18-4GB) acting as a firewall and doing forwarding and masquerading. I have read every conceivable FAQ on firewalls and iptables. I don't claim to understand everything I've read, and my brain is bleeding through my ears now, but I want more.

My system is presently working fine. I have a DSL modem connected to eth1 and am using rp-pppoe to get my ppp0 up and running so that several systems on the subnet attached to eth0 can get to the internet. All is well. I even have a machine (SuSE 7.3 SPARC) on the internal network running www, dns, and a couple other things that the firewall machine is forwarding things to, as appropriate.

When I run iptables -L, I get reams and reams of junk. I've gone through it and understand more than half of it, but it seems like there are some rules there that I don't want, and there are some that I do that aren't there. I can manually tweak the chains a little bit (for instance, I manually disabled and reenabled forwarding 8079 on the gateway to 8080 on the Sun box via iptables -t nat -R blah blah blah... yay!) but I can't find where the rules live. Is there a central config file that has all the rules? If I change things via the command line, and like my changes, how do I make them effective after a restart?

Another thing I can't figure out is how to allow the internal network to access my domain just like an outside user would; for instance, I'm at 192.168.0.1 and I want to hit http://example.com, which is currently DNATed to 192.168.0.3:80 -- how can I tweak my config such that 192.168.0.1 can surf to http://example.com and have everything get resolved OK?

Where do I find this stuff out?

Thanks much,
Ian