Oliver Niesner writes: > This setup works fine, but only when i do MASQUERADE on eth0, on my firewall pc! > I thought it must be possible, that only my dsl-router is doing the NAT and > everything else is routed inside the private net! > (the necessary routes are set, every machine could ping each other) > What i'm missing? My guess would be that you're missing routes? I.e. that either your cerowrt box doesn't know how to find 192.168.0.x, or (more likely), your DSL modem doesn't know how to find 192.168.1.x? You can try running tcpdump on eth0 of your firewall pc while you do a ping, and see if you have ICMP packets in one direction only. If so, that might be an indication of missing routes. :) -Toke