On Tue, 25 Sep 2001, Vaughn Treude wrote:

In ipchains all packets traverse all 3 chains: input, output and forward. Your first line has you jumping before reaching the end of all the input options. Here are my 3 lines for my LAN:

/sbin/ipchains -A input -s 192.168.1.0/24 -i eth0 -j ACCEPT
/sbin/ipchains -A output -s 192.168.1.0/24 -i eth0 -j ACCEPT
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ

Do a

cat /proc/sys/net/ipv4/ip_forward

If you don't get a single "1" (without the quotes), then enable forwarding by

echo "1" > /proc/sys/net/ipv4/ip_forward

Maybe I missed it.. how many other machines can ping outside the gateway?

HTH
Patrick

> Another thought:
> Are these firewall lines correct?
>
> Should the network spec on this line be the one connected to the Cisco (eth1) or the internal LAN? (I've tried both!)
> /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
>
> And these are at the end:
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ
>
> Yes, my network is set up with a "1" in the third quad.
> Thanks again,
> Vaughn
>
> Vaughn Treude wrote:
>
> > Yep. I already had the same DNS addresses entered on both machines, since the ME notebook was working with the dialup connection.
> > BTW, I've been revisiting the "test" section of the "IP Masquerade" HOWTO. I was able to find the REAL IP address by telnetting to the Cisco, and I could ping that from the Windows box. But I could NOT telnet to the sample fixed IP addresses they gave (like the one for www.linux.org.) Perhaps these have changed, or they are more security conscious now and rejected me without the prompt. In any case, my forwarding seems to be failing independent of the DNS lookup function.
> > Also, it's been suggested that I need to run DHCPD on the firewall box, but the IP-Masq howto doesn't mention this at all. It was my understanding that Qwest was doing this for me. I currently haven't tried running DHCPD; haven't figured out the setup yet.
> >
> > Thanks,
> > Vaughn
> >
> > Kevin Brown wrote:
> >
> > > and you have DNS configured right?
> > >
> > > Vaughn Treude wrote:
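
The forwarding check from Patrick's reply above, written as a small preflight script for the gateway box. This is an added example and not part of the original thread; the function names and the optional path argument (used so the check can be tried against an ordinary file) are assumptions.

```shell
#!/bin/sh
# Added example: verify and enable IPv4 forwarding before loading MASQ rules.
# Hypothetical helper names; the optional argument defaults to the real /proc entry.

ip_forward_state() {
    # Print "on", "off" or "unknown" for the flag file given as $1.
    state_file=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ ! -r "$state_file" ]; then
        echo unknown
        return 0
    fi
    # The kernel reports a single digit; strip whitespace before comparing.
    state_value=$(tr -d ' \t\n' < "$state_file")
    case "$state_value" in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

ensure_ip_forward() {
    # Return 0 if forwarding is on (already, or after enabling it), 1 otherwise.
    flag_file=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ "$(ip_forward_state "$flag_file")" = on ]; then
        return 0
    fi
    # The flag is changed by writing into the file, so the redirect is required;
    # the -w test avoids creating a stray file when the path does not exist.
    if [ -w "$flag_file" ] && echo 1 > "$flag_file"; then
        if [ "$(ip_forward_state "$flag_file")" = on ]; then
            return 0
        fi
    fi
    echo "cannot enable forwarding via $flag_file (not root?)" >&2
    return 1
}

# Usage on the gateway, as root, before the ipchains MASQ rule is added:
#   ensure_ip_forward || exit 1
```

A value written to /proc this way is lost at reboot, so the call belongs in the same startup script that loads the firewall rules.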