http://morison.biz/technotes/articles/57 This link is hands down the best tutorial of IpTables I've come across. Linux IpTables can be confounding. I usually create a rule and try it out with tcpdumps running on both sides, sort of a "hail Mary" approach. A careful read-through of Iptables Tutorial 1.2.2 really straightened me out. In particular, the DNAT Target section finally answered my questions, and fixed the issue, with my port forwarded servers not responding to clients from within their masqueraded network. A very good read, especially if you've "kinda" figured out IpTables, just enough to be dangerous, but are missing some key points to get rules to do what you want. (You can skip the lengthy SCTP coverage, unless that's something you're working with.) Once again: http://iptables-tutorial.frozentux.net/iptables-tutorial.html en 2006-2008, Rod Morison Software technotes@morison.biz Sun, 01 Aug 2010 10:28:46 GMT Yet Another Community System http://blogs.law.harvard.edu/tech/rss 70