My network consists of two subnets (with two different network-devices (eth0, eth1)). The computers attached to these subnets should be able to reach the internet (ippp0) (this is already working). But additionally the computers of the two different subnets should be able to reach each other, too.
Turn logging on for denied packets. Try to connect from a computer on one subnet to a computer on the other subnet. Then examine the log file for denied packets correlating to the connection that failed (use ftp or telnet or something simple - but not ping). The last number on the logged line (with the # in front of it) is the rule which denied the packet. Run ipchains -L input -n --line on the destination computer and find the denying rule. Then study the SuSEfirewall script a bit (it's well-commented) and find out where you have to hack it to make things go. The script makes a lot of assumptions to keep things simple, and having 2 different internal nets is not supported so you have to fiddle the rules.

Volker
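The log-correlation step described in the reply, as an added example that is not part of the original posts: a shell function that tallies denied packets between the two internal subnets by chain, interface and rule number. The function names, the subnet addresses and the sample log lines are constructed, and the positional layout of the "Packet log:" line is an assumption about the ipchains kernel log format.

```shell
#!/bin/sh
# Constructed sample of syslog output; the layout after "Packet log:" is assumed to be
#   CHAIN ACTION IFACE PROTO=n SRC:PORT DST:PORT L=.. S=.. I=.. F=.. T=.. [SYN] (#RULE)
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.10:1034 192.168.2.20:23 L=60 S=0x10 I=4711 F=0x4000 T=64 SYN (#12)
Mar  3 10:15:04 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.10:1034 192.168.2.20:23 L=60 S=0x10 I=4712 F=0x4000 T=64 SYN (#12)
Mar  3 10:15:09 fw kernel: Packet log: input DENY ippp0 PROTO=17 203.0.113.5:137 198.51.100.7:137 L=78 S=0x00 I=901 F=0x0000 T=110 (#3)
Mar  3 10:16:20 fw kernel: Packet log: forward DENY eth1 PROTO=6 192.168.1.11:1040 192.168.2.20:21 L=60 S=0x00 I=4800 F=0x4000 T=63 SYN (#7)
Mar  3 10:16:30 fw sshd[411]: Accepted password for admin
EOF
}

# denied_rules SRC_PREFIX DST_PREFIX
# Reads log lines on stdin and prints "COUNT CHAIN IFACE rule=N", most frequent first,
# for DENY/REJECT entries whose source and destination start with the given prefixes.
denied_rules() {
    awk -v src="$1" -v dst="$2" '
        {
            # Find the "Packet log:" marker; the fields after it are positional.
            p = 0
            for (i = 1; i < NF; i++)
                if ($i == "Packet" && $(i + 1) == "log:") { p = i + 2; break }
            if (!p) next                        # not a packet log line

            chain = $p; action = $(p + 1); iface = $(p + 2)
            if (action != "DENY" && action != "REJECT") next

            # Keep only traffic from one internal subnet to the other.
            if (index($(p + 4), src) != 1 || index($(p + 5), dst) != 1) next

            # The rule number is the last field, written as (#N).
            rule = $NF
            if (rule !~ /^\(#[0-9]+\)$/) next
            gsub(/[^0-9]/, "", rule)

            count[chain " " iface " rule=" rule]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Demo on the constructed sample: subnet 192.168.1.x -> subnet 192.168.2.x
sample_log | denied_rules 192.168.1. 192.168.2.
```

On a live system, feed the function the real log file instead of the sample and compare the reported rule numbers with the numbered listing from ipchains.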