I see at least a couple of things wrong with the script:

> /sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

first of all, this line will (imho) masquerade *anything* coming in from
192.168.1.* - anything after this will usually only reject specific
services. correct me if i am wrong =) but afaik you should need nothing
after this for "standard" services like www and news. at least that's the
way it worked for me :)

> # Forward DNS traffic
> /sbin/ipfwadm -F -a masquerate -b -P udp -S 0.0.0.0/0 53 -D 192.168.1.0/24
                      ^ typo..

plus, i don't understand this line. it should be unnecessary.

> # Forward News
> /sbin/ipfwadm -F -a accept -b -P tcp -S 192.168.1.0/24 1024:65535 -D
> 0.0.0.0/0 119
> /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 119 -D 192.168.1.0/0
                                                                      ^
> 1024:65535

A netmask of 0 ( = 0.0.0.0 ) will match everything, this is therefore
identical to 0.0.0.0/0 - you probably want /24 there, but i still don't see
why this is necessary. Especially not on all ports >1023.

Seriously, I don't think you need any of these lines, except the first one.

Oh yeah, and the news server should be your isp's, not your masq box.

Regards,
Pete
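An added example, not part of Pete's message: a small Python check that pulls the -S/-D address specs out of the rules quoted above and reports any whose written address disagrees with its mask, such as 192.168.1.0/0. It assumes ordinary address-AND-mask matching; the function names are illustrative.

```python
import ipaddress
import shlex

# Rules copied as quoted in the message above (policy typo left as posted;
# only the address/mask arguments are examined here).
QUOTED_RULES = [
    "/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0",
    "/sbin/ipfwadm -F -a masquerate -b -P udp -S 0.0.0.0/0 53 -D 192.168.1.0/24",
    "/sbin/ipfwadm -F -a accept -b -P tcp -S 192.168.1.0/24 1024:65535 -D 0.0.0.0/0 119",
    "/sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 119 -D 192.168.1.0/0 1024:65535",
]

def address_specs(rule):
    """Yield (flag, spec) for each -S / -D address/mask argument in a rule."""
    tokens = shlex.split(rule)
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("-S", "-D"):
            yield tok, tokens[i + 1]

def check_spec(spec):
    """Return (effective_network, warnings) for an address/mask spec."""
    # strict=False applies the mask and drops bits outside it (assumed semantics).
    net = ipaddress.ip_network(spec, strict=False)
    written = ipaddress.ip_interface(spec).ip
    warnings = []
    if written != net.network_address:
        warnings.append(f"{spec} has bits set outside the mask; it matches {net}")
    if net.prefixlen == 0:
        warnings.append(f"{spec} matches every address")
    return str(net), warnings

def audit(rules):
    """Return (rule_index, flag, spec, effective, warnings) for every spec."""
    findings = []
    for n, rule in enumerate(rules):
        for flag, spec in address_specs(rule):
            effective, warnings = check_spec(spec)
            findings.append((n, flag, spec, effective, warnings))
    return findings

if __name__ == "__main__":
    for n, flag, spec, effective, warnings in audit(QUOTED_RULES):
        for w in warnings:
            print(f"rule {n + 1} {flag}: {w}")
```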