Hi everyone,

I just subscribed to the list, and haven't seen what the usual topics are like... So tell me if I'm OT :)

I run a local network with a SuSE 7.0 box as nat/dns/firewall (more or less...). As it's only a beginning, my rules are not very "secured" yet.

Now what troubles me is that from this box I can ping the internal network, I can ping my two nics, I can ping the external router, but I can't ping outside (e.g. real internet sites...).

Here's an overview of my config:

           Cisco         SuSE7.0 Box      LAN
             |        eth0         tr0
internet-----|----------|-----------|--------------
             |   xxx.xxx.xxx.aaa    |
      xx.xxx.xxx.rrr          192.168.0.ccc
                             xxx.xxx.xxx.bbb

On the internal side, I have 2 addresses for the same nic, as I need an internal address for the lan and an external address for another computer to be seen from the outside.

The eth0 is configured with yast as follows:

    address : xxx.xxx.xxx.aaa
    subnet  : 255.255.255.224
    gateway : xxx.xxx.xxx.rrr (router cisco)

The tr0 nic:

    address : 192.168.0.ccc
    subnet  : 255.255.255.0
    gateway : xxx.xxx.xxx.aaa (eth0)

    address : xxx.xxx.xxx.bbb
    subnet  : 255.255.255.224
    gateway : xxx.xxx.xxx.aaa (eth0)

I've written the script that "should" do the trick....

    echo 1 > /proc/sys/net/ipv4/ip_forward
    /sbin/ipchains -F forward
    /sbin/ipchains -P forward DENY
    route add -net xxx.xxx.xxx.eee netmask 255.255.255.224 gw xxx.xxx.xxx.bbb tr0
    /sbin/ipchains -A forward -b -s 0.0.0.0/0 -d xxx.xxx.xxx.fff -j ACCEPT
    /sbin/ipchains -A forward -b -s 0.0.0.0/0 -d xxx.xxx.xxx.ggg -j ACCEPT
    /sbin/ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0 -j MASQ

(This script has been taken from the old linux box that is supposed to be "dumped"...)

I haven't set any default route.

The problem is I can't see outside of the cisco... I can't ping the internet, while I can ping both nics from the linux box, and I can also ping the internal network from the linux box....

What have I forgotten?....

Thanks in advance for your answers,

stephane