Somebody in the thread at some point said:

>> iptables -t nat -A POSTROUTING -s $DMZ -o eth0 -j MASQUERADE
>> is the only MASQUERADE that is relevant. $DMZ = 192.168.1.0/24; the hq
>> cisco router sits in the dmz.
>> I have listed below the rules I have in the firewall that are
>> relevant
>>
>> iptables -A FORWARD -d 192.168.199.253 -j ACCEPT << doesn't work
>> iptables -A FORWARD -s 192.168.199.253 -j ACCEPT << doesn't work

Don't you need a -p tcp between the FORWARD and the -d / -s? For other
iptables commands anyway it insists on having the protocol named before it
can interpret the addresses you are giving.

Also you mentioned earlier 192.168.199.254/24, AIUI that is evil, you must
actually use 192.168.199.0/254 to give that properly in CIDR. Of course maybe
you just typed it in the email and it is fine if used in CIDR.

-Andy
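The two points in the exchange above (a CIDR spec with host bits set, and which of the quoted FORWARD / POSTROUTING rules actually covers a given address) can be checked offline before touching the firewall. The script below is an added editorial example, not code from either poster; it uses only Python's standard-library ipaddress module. The rules and networks are the ones quoted in the thread; the sample packets, the Rule class and the function names are constructed for illustration. It models iptables semantics only as far as source/destination/protocol matching goes (a rule without -p matches every protocol; an address given without a prefix length is a /32), and it ignores interface matches such as -o eth0.

```python
"""Check CIDR specs and see which quoted iptables rule would match a packet.

Added editorial example using only the standard library. Addresses and rules
are the ones quoted in the thread; packets and helper names are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def normalize_network(spec: str) -> Tuple[str, bool]:
    """Return (canonical network, had_host_bits).

    ip_network() in strict mode rejects a spec whose host bits are set,
    e.g. a router's own address written with a /24 suffix.  Non-strict mode
    masks the host bits off, which shows what the spec really denotes.
    """
    try:
        net = ipaddress.ip_network(spec, strict=True)
        return str(net), False
    except ValueError:
        net = ipaddress.ip_network(spec, strict=False)
        return str(net), True


@dataclass
class Rule:
    """A minimal model of one iptables rule (hypothetical helper type)."""
    chain: str
    target: str
    src: Optional[str] = None    # CIDR; None means any source (-s omitted)
    dst: Optional[str] = None    # CIDR; None means any destination (-d omitted)
    proto: Optional[str] = None  # None means any protocol (-p omitted)


def _addr_in(addr: str, spec: Optional[str]) -> bool:
    """True when addr falls inside spec, or when the rule does not constrain it."""
    if spec is None:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def first_match(rules: List[Rule], chain: str, src: str, dst: str,
                proto: str = "tcp") -> Optional[str]:
    """Return the target of the first rule in `chain` matching the packet, or None.

    Rules are evaluated in list order, as iptables walks a chain top to bottom.
    """
    for r in rules:
        if r.chain != chain:
            continue
        if r.proto is not None and r.proto != proto:
            continue
        if _addr_in(src, r.src) and _addr_in(dst, r.dst):
            return r.target
    return None


DMZ = "192.168.1.0/24"  # $DMZ as given in the thread

# The three rules quoted in the thread, in chain order.
RULES = [
    # iptables -t nat -A POSTROUTING -s $DMZ -o eth0 -j MASQUERADE
    Rule("POSTROUTING", "MASQUERADE", src=DMZ),
    # iptables -A FORWARD -d 192.168.199.253 -j ACCEPT  (no prefix => /32)
    Rule("FORWARD", "ACCEPT", dst="192.168.199.253/32"),
    # iptables -A FORWARD -s 192.168.199.253 -j ACCEPT
    Rule("FORWARD", "ACCEPT", src="192.168.199.253/32"),
]


if __name__ == "__main__":
    # Constructed sample inputs.
    for spec in ("192.168.199.254/24", "192.168.199.0/24"):
        print(spec, "->", normalize_network(spec))
    for chain, s, d in (("FORWARD", "10.0.0.5", "192.168.199.253"),
                        ("POSTROUTING", "192.168.1.10", "10.0.0.5"),
                        ("POSTROUTING", "192.168.199.253", "10.0.0.5")):
        print(chain, s, "->", d, ":", first_match(RULES, chain, s, d))
```

Running it prints the masked form of a host-bits-set spec (`192.168.199.254/24` becomes `192.168.199.0/24`, flagged as having had host bits) and, for each constructed packet, the target of the first quoted rule that covers it; a `None` result means no quoted rule in that chain applies to that source/destination pair.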