Greetings,

I have freed up a card in my bond config to link to my main network. I need to implement a firewall before I do the uplink. It is quite simple and I have started, but I am not sure.

Here is what I have:

Production network 192.168.2.0
Main network 196.2.1.0
My server on the production network with 2 interfaces: bond0 192.168.2.1 and eth0 196.2.1.151

The main network is a Windows domain, and the gateway to the www there is 196.2.1.xx.

I have one critical machine sitting in the production network that needs to access the main network: 192.168.2.5
The rest of the production must have no access to the main network.

All the machines on production, including 192.168.2.5, have a default gw of 192.168.2.1 (my server).
The firewall 196.2.1.xx on the main network routes all production traffic back to my server on eth0 196.2.1.151.

Here is my iptables file. I don't think this is very secure.

===========================================
*nat
:PREROUTING DROP [4:440]
-A PREROUTING -i bond0 -s 192.168.2.0/255.255.255.0 -j ACCEPT
-A PREROUTING -i eth0 -s 192.168.2.5 -j ACCEPT
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -o eth0 -s 192.168.2.5 -j MASQUERADE
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [5:716]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -i bond0 -m icmp -p icmp -j ACCEPT
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state NEW -j ACCEPT
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
============================================

TIA

Chadley Wilson
Redhat Certified Technician
Cert Number: 603004708291270
Pinnacle Micro
Manufacturers of Proline Computers
====================================
Exercise freedom, Use LINUX
=====================================
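
An added example, not part of the original post: a small audit that flags FORWARD rules accepting new connections without any source, destination or interface match. Run on the posted FORWARD chain it flags the `--state NEW` rule, which forwards every production host and not just 192.168.2.5. The tightened chain and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag FORWARD rules that accept NEW connections from anywhere.

# FORWARD chain exactly as posted in the message above.
posted_forward() {
cat <<'EOF'
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state NEW -j ACCEPT
EOF
}

# Assumed tightening (not from the post): only 192.168.2.5 may open
# connections from bond0 towards eth0; replies ride on ESTABLISHED.
tightened_forward() {
cat <<'EOF'
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i bond0 -o eth0 -s 192.168.2.5 -m state --state NEW -j ACCEPT
EOF
}

# Print each FORWARD ACCEPT rule that can match a NEW packet and carries
# no -s, -d, -i or -o restriction. Reads iptables-save text on stdin.
open_forward_rules() {
    awk '
    $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
        scoped = 0; states = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s" || $i == "-d" || $i == "-i" || $i == "-o") scoped = 1
            if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
        }
        # A rule with no state match applies to every packet, NEW included.
        new_ok = (states == "" || states ~ /(^|,)NEW(,|$)/)
        if (new_ok && !scoped) print
    }'
}

# Number of unrestricted rules found on stdin.
count_open() { open_forward_rules | wc -l | tr -d ' '; }

echo "posted:    $(posted_forward | count_open) unrestricted rule(s)"
posted_forward | open_forward_rules
echo "tightened: $(tightened_forward | count_open) unrestricted rule(s)"
```

The same check can be pointed at a live ruleset with `iptables-save -t filter | open_forward_rules`.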