LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 06-11-2008, 04:06 AM   #1
claymore_letifer
LQ Newbie
 
Registered: Jun 2008
Posts: 2

Rep: Reputation: 0
need help with iptables for comcast


OK, so I have had BellSouth for a long time and finally got sick of losing the connection once a week because of bad phone lines, so I switched to Comcast. So I took my old Linux box I used for BellSouth and I am trying to get it to work for Comcast as a router/firewall. I am able to access web pages on the box connected to the cable modem, but when I go to any other box on my network all I can do is ping. If I try to access a web page I get sent to a Comcast page saying please contact customer support, or if I try to use telnet to get the page I get this:
telnet yahoo.com 80
Trying 68.87.64.132...
Connected to yahoo.com (68.87.64.132).
Escape character is '^]'.
GET /
HTTP/1.1 403 Forbidden
Server:ServerIron/9.1
Connection: close
Content-Length: 0

Connection closed by foreign host.

Now if I do this on my box connected to the modem I get the HTML code like I should.

I have the following rules set in iptables:

$iptables -t nat -A PREROUTING -j ACCEPT
$iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
$iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

My modem is connected to eth0 and my LAN to eth1.

I have heard that Comcast monitors their traffic for weird MAC addresses, but I thought MASQUERADE took care of that. Could someone please help me out on this? I would like to get all my computers back online, and since all Comcast tech support will say is "we don't support Linux or routers", they're not going to help, and I really don't want to switch back to BellSouth.
 
Old 06-11-2008, 11:23 PM   #2
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
Oops. I hope you meant that you wanted a POLICY in the nat table of ACCEPT, not to just accept any packet that comes along. The effect of your rules is that the MASQUERADE is never acted on, since the earlier rule stops the flow through the nat table. I think you actually want this:
Code:
$iptables -t nat -P PREROUTING ACCEPT
$iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
It would also be a pretty nice idea to put some restrictions on the INPUT chain as well, to protect your firewall machine itself from the baddies.
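As an added example that is not code from either poster: the ruleset below follows the shape of the reply above (a policy on the nat chains, MASQUERADE on the WAN interface, stateful FORWARD rules) and adds the INPUT restrictions it recommends, so the router itself only answers SSH and ping from the LAN. It assumes eth0 is the modem side and eth1 the LAN side, as in the first post; the LAN prefix 192.168.1.0/24 is an assumption chosen for the example. By default the script only prints the iptables commands so they can be reviewed; `apply` runs them as root.

```shell
#!/bin/sh
# Added example (not from the thread): masquerading router ruleset with a
# restricted INPUT chain. Assumed layout: eth0 = WAN (modem), eth1 = LAN,
# 192.168.1.0/24 = LAN prefix (assumption, not taken from the thread).
# Usage: sh router.sh        -> print the commands (dry run)
#        sh router.sh apply  -> execute them (requires root)

WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24

# Emit every command on stdout, one per line, so the set can be reviewed
# or diffed before anything touches the kernel.
build_rules() {
    cat <<EOF
iptables -t nat -F
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -p icmp -j ACCEPT
EOF
}

# Sanity check before applying: exactly one MASQUERADE rule, and the
# INPUT default policy really is DROP (the point of the hardening).
check_rules() {
    [ "$(build_rules | grep -c 'MASQUERADE')" -eq 1 ] || return 1
    build_rules | grep -q '^iptables -P INPUT DROP$' || return 1
    return 0
}

# Enable forwarding, then run each command; stop on the first failure.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    build_rules | while IFS= read -r cmd; do
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

if [ "$1" = "apply" ]; then
    check_rules && apply_rules
else
    build_rules
fi
```

The FORWARD rule for LAN-to-WAN traffic is restricted to the LAN source prefix so a stray address on the inside interface is not masqueraded out. Note that a ruleset like this only governs what the router forwards; a 403 answered by a server on the provider side, as in the telnet session in the first post, is not something these rules can change.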
 
Old 06-13-2008, 03:25 PM   #3
claymore_letifer
LQ Newbie
 
Registered: Jun 2008
Posts: 2

Original Poster
Rep: Reputation: 0
Your tables example gives me the same results; I still can't browse the internet, but thank you. I think this is some kind of filtering on Comcast's end, which is why I was asking if anyone had a way around it, because if I take one of my computers and change its MAC address to the one that my gateway has and then plug it into the modem directly it works, but the second I try to route with it, all traffic but HTTP requests can't go through. I am even able to SSH from a computer in my network out to ones outside; it's just web sites that give that 403 error. I know you can route with a Linksys router, but I would prefer to do it with my Linux box for security reasons. So if anyone out there with a Linux gateway set up for Comcast could please help me with this, it would be great.
 