Below is my script, I have eth1 as my internal interface and eth0 as my external interface which will allow pkts into my ADSL gatway:192.168.0.5 and get routed out into the internet. I am now doing a very simple script which i want to allow my internal lan to be abled to ping the internet. LAN_INT=”eth1” LAN_ADDR="192.168.30.10" LAN_ZONE=”192.168.30.0/24” DMZ_INT=”eth0” DMZ_ADDR="192.168.0.10" DMZ_ZONE="192.168.0.0/24" IPTABLES -A FORWARD -i $LAN_INT -o $DMZ_INT -j ACCEPT IPTABLES -A FORWARD -i $DMZ_INT -o $LAN_INT -j ACCEPT the rules above does not allow my internal lan to ping any address from the internet!!! anyway can help pls.......

you need a masq or NAT rule.

how do I do that?

Hi m8, I read your question as "how do I ping my PC from a remote pc on the internet". If that's not what you meant, soz u might need to rephrase it :) Anyway, the following rule should work $IPTABLES -A INPUT -i $DMZ_INT -p ICMP -s $0.0.0.0/0 -d DMZ_ADDR -j ACCEPT this is where u have used DMZ_INT to be your external interface and DMZ_ADDR to be your external IP. This rule says 'accept any ICMP protocol incoming on the external interface from any PC' Hope this helps... Regards Dan Garland