Hi! I've read the following example script for a Linux box with masquerading and some firewall rules: http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/examples/rc.firewall-2.4-stronger

So far I think I understand everything except this line:

    $IPTABLES -A OUTPUT -o $INTIF -s $EXTIP -d $INTNET -j ACCEPT

How can an OUTPUT of the internal interface have the external IP address as source IP? And why would it be accepted? As far as I understand it, the masquerading and stuff is all done in the FORWARD chain. I can't think of an example where a packet originating from the internal interface of my firewall can have the external IP as source.

Regards
Patrick
