> Option 3: proceed as you have been, using a > different private-address range > (192.168.2.0/24) on your LAN, and have the router > NAT (MASQ) the LAN. > Matthew's suggestion on the forward-chain rule is > correct for this, except > that it has to be the first relevant rule the > packets encounter. So try > either inserting it in position 1 or adding if after > you flush the forward > chain. If your ISP has the practice of using a lot > of 192.168.C.0/24 LANs > for its clients, you might be better off using a > different private-address > range, say some subnet of 10.0.0.0/8 ... without > knowing more about your > ISP, it is hard to be certain. But in any case, you > wll need to NAT (MASQ) > in this choice.
Well. Done now. I used your third option but kept to use 2.xxx to be my private private subnt. The solution is to simply move the MASQ rule to the begining of the forward chain. Much appreciate ! Liumei __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
