I have an Internet facing server running pptpd. Users who connect via pptp need to be able to route through the server to the rest of the Internet. As well as configuring net.ipv4.ip_forward=1 I also have iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE .. and it all works. However, is the above iptables command too broad for an internet server? Doesn't it effectively mean that anyone can send traffic through it? Assuming the pptp interface is ppp0 I would have expected (having very little iptables knowledge) that: iptables -t nat -A POSTROUTING -o eth0 -i ppp0 -j MASQUERADE .. would be better but I'm just guessing and I don't want to kill access to the remote server by playing! Given that every howto I find says to use just "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" I assume that's actually right, so I think I'm just asking for help understanding why. Mark -- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450 Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG