I recently purchased an ASUS N16 router and discovered the world of custom router software. To Shibby and the Tomato contributors I thank you very much. Kudos and paeans of praise!

After slogging through the world of ipchains I'd like some help to verify a couple of rules I've changed which, hopefully, properly secure my Tomato VPN gateway. The VPN gateway is established as a PPTP client to a server on the internet. LAN has private address space 10.10.0.0/24. WAN has private address space 192.168.1.0/24 established using DHCP to an internet gateway. The internet gateway also does NAT and has the VPN gateway in its DMZ but no other forwarding rules.

Firstly, I have attempted to restrict remote access to the VPN SSH and Telnet admin by using the Tomato GUI. The intention is to only allow "remote" access from machines on the 192.168.1.0/24 network but not from the remote end of the VPN.

Allowed Remote IP Address: 192.168.1.0/24

After establishing the client PPTP VPN to an internet VPN server shields-up reports that Telnet and SSH are open. Checking the logfile I see login attacks from China. My fault for using a "what is my ip address" web page found by googling an unknown server. Still, this should not be happening. The following was reported by ipchains:

Code:
Chain INPUT (policy DROP 1 packets, 32 bytes)
target     prot opt in     out     source               destination
ACCEPT     all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:22

If I understand correctly the first rule accepts everything from ppp0 and makes the rest of the input policy useless. I deleted the ppp0 rule using the console. Nothing appears to have broken as a result and shields-up reports everything is stealthy. Any guess what must be changed to fix this behavior permanently?

Secondly, I have added a rule to prevent LAN traffic from routing through the VPN gateway to the WAN (and thus bypassing the VPN tunnel).

Code:
iptables -I FORWARD -i br0 -o vlan2 -j DROP

The obvious place for this behavior is Tomato > Administration > Scripts > Firewall. Although it appears to work correctly I have strange intermittent problems where traffic from the LAN to the ppp0 VPN just stops and nothing short of a full reboot corrects the problem. When this happens, before rebooting, I can use Tools > Ping to successfully reach www.google.com. Not certain if I am dealing with hardware, firmware, or network configuration issues. Any insight would be appreciated.
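As an added example (not code from the post or from Tomato itself), this is the kind of Firewall script that addresses both points above in one place: it inserts a DROP for new admin connections (assumed ports 22, 23 and 80) arriving on ppp0 ahead of the blanket ACCEPT, and adds the br0-to-vlan2 FORWARD drop, deleting any identical copy first so that Tomato re-running the script on a firewall restart or PPP reconnect does not stack duplicates. Interface names and the IPT override for dry runs are assumptions.

```shell
#!/bin/sh
# Added example for Tomato > Administration > Scripts > Firewall.
# Assumptions (not from the post): ppp0 is the PPTP VPN, br0 the LAN bridge,
# vlan2 the WAN; IPT can be overridden (e.g. IPT=echo) for a dry run.
IPT="${IPT:-iptables}"
VPN_IF="${VPN_IF:-ppp0}"
LAN_IF="${LAN_IF:-br0}"
WAN_IF="${WAN_IF:-vlan2}"
ADMIN_PORTS="${ADMIN_PORTS:-22 23 80}"   # assumed admin ports: SSH, Telnet, web GUI

# Emit each rule as "<chain> <match spec>", one per line.
vpn_guard_rules() {
    for port in $ADMIN_PORTS; do
        # Only NEW connections are dropped, so replies to traffic the router
        # itself started over the VPN still pass via RELATED,ESTABLISHED.
        echo "INPUT -i $VPN_IF -p tcp --dport $port -m state --state NEW -j DROP"
    done
    # LAN must not be routed straight out of the WAN, bypassing the tunnel.
    echo "FORWARD -i $LAN_IF -o $WAN_IF -j DROP"
}

# Insert every rule at the head of its chain (-I), which puts it above the
# "ACCEPT all -- ppp0" rule that otherwise short-circuits the INPUT policy.
# The preceding -D removes an identical rule if present, so re-running the
# script leaves exactly one copy; its failure on a fresh chain is expected.
apply_vpn_guard() {
    vpn_guard_rules | while read -r chain spec; do
        $IPT -D $chain $spec 2>/dev/null
        $IPT -I $chain $spec
    done
}

# Apply only when actually running on the router as root with iptables
# present; elsewhere the functions can be dry-run with IPT=echo.
if [ "$(id -u)" = 0 ] && command -v "$IPT" >/dev/null 2>&1; then
    apply_vpn_guard
fi
```

Verify afterwards with `iptables -L INPUT -v -n` that the three DROP rules sit above the ppp0 ACCEPT, and with `iptables -L FORWARD -v -n` that the br0/vlan2 drop counters increase only when a LAN host tries to bypass the tunnel.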