I'm fairly new to SuSE 9.0 and am running a small network with firewall on a SuSE Prof 9.0 box, with Linux and NT2000 machines behind it. I have implemented masquerading and the Squid proxy server with no problem. I can get BIND9 to run happily on a SP9 box behind the firewall, but cannot get it to run ON the firewall. I think that DNS is set up ok, as everything runs fine on the firewall when using SuSEfirewall2 test (i.e. no firewall as no packets droped). I really need some help here! My firewall settings are as follows. FW_QUICKMODE="no" FW_DEV_EXT="eth1" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="0/0" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="domain www 3128" FW_SERVICES_INT_UDP="domain" FW_SERVICES_INT_IP="" FW_SERVICES_QUICK_TCP="" FW_SERVICES_QUICK_UDP="" FW_SERVICES_QUICK_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data DNS" FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain ntp" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128 0/0,192.168.0.0/24,tcp,21,3128" FW_REDIRECT="192.168.0.0/24,0/0,udp,80,3128 192.168.0.0/24,0/0,udp,21,3128" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" FW_CUSTOMRULES="" FW_REJECT="no" FW_HTB_TUNE_DEV="" Thanks! Dave Barnes