Hi All,
My office is now using Linux as our main firewall, and we have openswan to link with other branches. I followed one of the guides to change the iptables to let the openswan connection pass through:
iptables -t nat -A POSTROUTING -s 172.16.0.0/12 -d ! 172.16.0.0/12 -j MASQUERADE
But it seems this change cannot let openswan work properly, so I added a line before the above rule:
iptables -A FORWARD -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT
Now it works fine with openswan, but is it risky to enable forward chains for my local network?