it seems that ssh uses privileged ports (0:1023) on the source host and port 22 on the target host. so, with ipfwadm I use someting like # forward ssh connections to outside hosts ipfwadm -F -a forward -P tcp -S 192.168.0.0/16 0:1023 -D 0.0.0.0/0 22 that works fine for me. I have never experimented ipchains (I still use kenel linux 2.0.x) hope this help. marco