Thanks to all for the pointers. Later today I'll try them out. I thought I had tried the 'forward' one also. (forgot to mention earlier). Around Thu,Jun 03 2004, at 06:12, Tomaz Kravcar, wrote: > The concept in iptables is different than in chains. > Everithing which is just passing by your server goes > through FORWARD and not through INPUT or OUTPUT. > Try: > > iptables -A FORWARD -i eth2 -o eth1 -j DROP > > Tomaz > >