The missing link for me was that if you're using "standard" Linux firewalling, which is packet filtering, you _need_ IP forwarding enabled. (The HOWTO says don't enable it, but that's for TIS proxying firewalls - not what we're talking about here.)
Also, for ipchains at least, order counts. You need to enable everything that you want to let through first, and then disable _everything_ last. The first rules in the chain get "executed" before the ones in the end.

With those two tips, and the docs, I was able to get my firewall working the way I wanted. Feel free to email me if that's not enough info. (BTW, you need a 2.1 kernel for ipchains afaik.)

Later,
Dale

--
+------------------ email me for my pgp public key --------------------+
| Dale E. Martin | Clifton Labs, Inc. | Senior Computer Engineer       |
| [EMAIL PROTECTED] | http://www.clifton-labs.com                      |
+----------------------------------------------------------------------+
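
The two tips in the message above, shown as an added example that is not part of the original email and is not ipchains code: a toy Python model of a first-match chain, where a routed packet only reaches the chain when IP forwarding is on. The rule set, packet fields and function names are assumptions made up for the illustration.

```python
# Added illustration: a toy model of an ipchains-style chain, not real ipchains code.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                      # "ACCEPT" or "DENY"
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"]))

def evaluate(chain, pkt, policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy  # no rule matched: the chain's default policy applies

def forward(chain, pkt, ip_forward):
    """A routed packet reaches the forward chain only if IP forwarding is on."""
    if not ip_forward:
        return "NOT FORWARDED"
    return evaluate(chain, pkt)

ALLOW_SSH = Rule("ACCEPT", proto="tcp", dport=22)
ALLOW_WEB = Rule("ACCEPT", proto="tcp", dport=80)
DENY_ALL = Rule("DENY")              # catch-all: matches every packet

GOOD_ORDER = [ALLOW_SSH, ALLOW_WEB, DENY_ALL]   # allows first, catch-all deny last
BAD_ORDER = [DENY_ALL, ALLOW_SSH, ALLOW_WEB]    # catch-all first shadows the allows

# Constructed sample packets (hypothetical traffic through the firewall)
PACKETS = [
    {"proto": "tcp", "dport": 22},
    {"proto": "tcp", "dport": 80},
    {"proto": "tcp", "dport": 23},
    {"proto": "udp", "dport": 53},
]

def verdicts(chain, ip_forward=True):
    """Verdict for each sample packet, in order."""
    return [forward(chain, p, ip_forward) for p in PACKETS]

if __name__ == "__main__":
    for name, chain in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        print(name, verdicts(chain))
    print("forwarding off", verdicts(GOOD_ORDER, ip_forward=False))
```

With the catch-all deny at the top, the later ACCEPT rules are never reached, which is the failure a misordered chain produces.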