IPchains woes


datadan_1
10-29-2001, 01:04 AM
I am having trouble with IP chains

I can ping the outside world, but nothing else.

I have my ip forwarding turned on.

I can't seem to pass www/dns/smtp/pop traffic through my Linux firewall.

I have all the rules flushed save:
forward (policy DENY)
MASQ all ---- 10.10.12.0/24 anywhere n/a

input and output are both set to policy ACCEPT but I have no rules there.

I would like users to be able to www/smtp/pop/ through this box, however I can't seem to figure out the rules.

I don't have a DMZ, just internal / external ethernets.

I have read the ipchains HOWTO, but I need some more hand holding.

Your help is appreciated.

Thanks,

Hena
10-29-2001, 05:52 AM
I haven't done any port forwarding/masquerading with Linux, only one ipchain firewall that's around my comp. So I'm doing part guesswork here.

But from what I understand, since all your router's forwarding is set to DENY, nothing is getting through. How the ping does it, I can't figure out :). Input and output chains are for the computer itself. If it is a firewall/router machine, I suggest you set its chains tighter, since it itself is fully open.

P.S. Correct me on what input, output and forward/masq do if I'm wrong here, 'cause I've based my own comp firewall on that assumption (forward is DENY since this isn't a router).

datadan_1
10-29-2001, 11:59 AM
Do you have some examples of 'forward' chains that allows dns/smtp/pop stuff through?

Thanks,

Hena
10-30-2001, 03:27 AM
Since I don't know anything about how masquerading works, I haven't done any ipchain rules concerning masq and forwarding. Basically I think that forwarding goes the same as input/output, but how the masquerading affects it, I don't know. The holes in the firewall (afaik) you have to make are for the tcp protocol to the following ports:
dns (server&client) 53
smtp (server&client) 25
pop (client) 110
imap (server) 143
http (server&client) 80
https (server&client) 443
ssh (server&client) 22
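
As an added example (not written by either poster), one way to turn the port list above into per-service `forward` rules for the 10.10.12.0/24 network, instead of a single "MASQ all" rule. It only prints the `ipchains` commands so they can be reviewed first. Assumptions: the external interface is `eth0`, the helper name `gen_rules` is made up for this sketch, and DNS is also opened on UDP 53 because ordinary lookups use UDP.

```shell
#!/bin/sh
# Added example: prints (does not execute) ipchains commands for a
# masquerading gateway that forwards only selected outbound services.
INTERNAL_NET="10.10.12.0/24"   # internal subnet quoted in the thread
EXT_IF="eth0"                  # assumption: name of the external interface
ANY="0.0.0.0/0"

# name:protocol:port entries; ports from the list above, plus DNS over UDP
SERVICES="dns:udp:53 dns:tcp:53 smtp:tcp:25 pop3:tcp:110 imap:tcp:143 http:tcp:80 https:tcp:443 ssh:tcp:22"

gen_rules() {
    # Start from an empty forward chain whose default is to drop.
    echo "ipchains -F forward"
    echo "ipchains -P forward DENY"
    for svc in $SERVICES; do
        name=${svc%%:*}
        rest=${svc#*:}
        proto=${rest%%:*}
        port=${rest#*:}
        # Refuse malformed entries rather than emit a broader rule.
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in entry: $svc" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port in entry: $svc" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range in entry: $svc" >&2; return 1; }
        # ipchains takes the destination port right after the -d address.
        echo "ipchains -A forward -i $EXT_IF -p $proto -s $INTERNAL_NET -d $ANY $port -j MASQ   # $name"
    done
    # Log (-l) whatever else the internal network tries to send out.
    echo "ipchains -A forward -s $INTERNAL_NET -d $ANY -j DENY -l"
}

gen_rules
```

After checking the printed rules, run them as root on the firewall; the final logging rule shows in the kernel log which internal traffic is still being denied.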