netfilter (iptables, kernel 2.4) or ipchains (kernel 2.2)? If you are using ipchains, check out http://plonk.sourceforge.net/ It's a good script for setting up a decent firewall and masq box. There is a aplha script from IPTables as well. I'm no expert, but I'd do something like deny all incoming connections on the external interface, then allow each service. Then allow forwarding of everything from the internal to the external. The script above will do a decent job of getting you up and running in no time. -- | Andrew S. Zbikowski | Home: 763.591.0977 | | http://www.ringworld.org | Work: 763.428.9119 | | http://www.itouthouse.com | PCS: 612.306.6055 | | This message is protected by double ROT13 | | encryption. Any attempt to circumvent the | | digital protection is banned by the DMCA. | -------------- next part -------------- A non-text attachment was scrubbed... Name: andyzib.vcf Type: text/x-vcard Size: 2265 bytes Desc: Card for Andy Zbikowski (Zibby) Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20010520/5a6ab415/andyzib.vcf