Hello,

I am running repeatedly into a brick wall here over SuSEfirewall2. Three NICs: a real IP DMZ, a masqueraded LAN on 192, and a DSL router which is my DFG and name server. I can do most stuff I hoped it would do when I sat down and figured out what I needed, like web, mail, imap, ssh, MSN IM, blah blah. BUT I CANNOT PING. Nowhere on the network can ping at all. Masqueraded clients can resolve but then nothing.

This is what I get in /var/log/firewall (where 14 is the router, and the 192 address is the test client):

Sep 5 15:40:40 prometheus kernel: SuSE-FW-DROP-ANTI-SPOOFIN=eth0 OUT= MAC=00:01:02:24:8b:9a:00:20:6f:09:7c:b5:08:00 SRC=217.34.212.14 DST=217.34.212.2 LEN=315 TOS=0x00 PREC=0x00 TTL=60 ID=42849 PROTO=UDP SPT=53 DPT=1027 LEN=295

....this is just one example of many SPOOF issues, but the one that I think points the strongest towards my current issues. With a bit of luck the act of asking for help will bring some enlightenment?!

----

For your entertainment (take it easy on me!) is the setup:

# 2.)
FW_DEV_EXT="eth0"

# 3.)
FW_DEV_INT="eth2"

# 4.)
FW_DEV_DMZ="eth1"

# 5.)
FW_ROUTE="yes"

# 6.)
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="$INT_LAN_RANGE,0/0,tcp,20
    $INT_LAN_RANGE,0/0,tcp,21
    $INT_LAN_RANGE,0/0,tcp,22
    $INT_LAN_RANGE,0/0,tcp,23
    $INT_LAN_RANGE,0/0,tcp,25
    $INT_LAN_RANGE,0/0,tcp,37
    $INT_LAN_RANGE,0/0,udp,37
    $INT_LAN_RANGE,0/0,udp,43
    $INT_LAN_RANGE,0/0,udp,53
    $INT_LAN_RANGE,0/0,tcp,53
    $INT_LAN_RANGE,0/0,tcp,80
    $INT_LAN_RANGE,0/0,tcp,110
    $INT_LAN_RANGE,0/0,tcp,113
    $INT_LAN_RANGE,0/0,tcp,123
    $INT_LAN_RANGE,0/0,udp,123
    $INT_LAN_RANGE,0/0,tcp,143
    $INT_LAN_RANGE,0/0,tcp,443
    $INT_LAN_RANGE,0/0,tcp,554
    $INT_LAN_RANGE,0/0,tcp,993
    $INT_LAN_RANGE,0/0,tcp,1863
    $INT_LAN_RANGE,0/0,tcp,2401
    $INT_LAN_RANGE,0/0,tcp,5800
    $INT_LAN_RANGE,0/0,tcp,5900
    $INT_LAN_RANGE,0/0,tcp,6800:6900
    $INT_LAN_RANGE,0/0,udp,6800:6900
    $INT_LAN_RANGE,0/0,tcp,6901
    $INT_LAN_RANGE,0/0,udp,6901
    $INT_LAN_RANGE,0/0,tcp,6970:7170
    $INT_LAN_RANGE,0/0,tcp,7070"

# 7.)
FW_PROTECT_FROM_INTERNAL="yes"

# 8.)
FW_AUTOPROTECT_SERVICES="yes"

# 9.)
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
# Common: domain
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP="53 3128"
FW_SERVICES_DMZ_UDP="53"
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="23 53 3128"
FW_SERVICES_INT_UDP="53"
FW_SERVICES_INT_IP=""

# 10.)
FW_TRUSTED_NETS="$EXT_ZFT_GATE,tcp,22"

# 11.)
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

# 12.)
FW_SERVICE_AUTODETECT="yes"
# Autodetect the services below when starting
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="no"

# 13.)
FW_FORWARD="$INT_LAN_RANGE,$DMZ_IP_RANGE
    0/0,$DMZ_EXCHANGE,tcp,25
    0/0,$DMZ_EXCHANGE,tcp,80
    0/0,$DMZ_EXCHANGE,tcp,135
    0/0,$DMZ_EXCHANGE,tcp,443
    0/0,$DMZ_BACKUP,tcp,21
    0/0,$DMZ_BACKUP,tcp,20"

# 14.)
FW_FORWARD_MASQ=""   # Beware to use this!

# 15.)
FW_REDIRECT=""

# 16.)
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"

# 17.)
FW_KERNEL_SECURITY="yes"

# 18.)
FW_STOP_KEEP_ROUTING_STATE="yes"

# 19.)
FW_ALLOW_PING_FW="no"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
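As an added example (not from the post and not SuSEfirewall2's own code), here is a Python parser for the SuSE-FW log lines quoted above, together with a small model of the anti-spoofing check such a drop comes from: a packet whose source address lies in a network assigned to one interface but which arrives on a different interface is treated as spoofed. The zone table, including the DMZ prefix, is a hypothetical placeholder and not the poster's real address ranges.

```python
import ipaddress
import re

# Constructed sample shaped like the entry in the post; note the log prefix
# "SuSE-FW-DROP-ANTI-SPOOF" runs straight into the "IN=" field.
SAMPLE_LOG = (
    "Sep 5 15:40:40 prometheus kernel: SuSE-FW-DROP-ANTI-SPOOFIN=eth0 OUT= "
    "MAC=00:01:02:24:8b:9a:00:20:6f:09:7c:b5:08:00 SRC=217.34.212.14 "
    "DST=217.34.212.2 LEN=315 TOS=0x00 PREC=0x00 TTL=60 ID=42849 "
    "PROTO=UDP SPT=53 DPT=1027 LEN=295"
)

# Hypothetical interface-to-network table (not the poster's real ranges):
# the DMZ prefix is a placeholder chosen so that it contains the router address.
EXAMPLE_ZONES = {
    "eth2": ["192.168.0.0/24"],   # masqueraded LAN
    "eth1": ["217.34.212.0/28"],  # "real IP" DMZ (placeholder prefix)
    "eth0": ["0.0.0.0/0"],        # external link: everything not owned elsewhere
}

PREFIX_RE = re.compile(r"kernel: (SuSE-FW-[A-Z-]+?)\s*(?=IN=)")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_fw_line(line):
    """Split a netfilter LOG line into its SuSE-FW prefix and KEY=VALUE fields."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields = {"PREFIX": m.group(1)}
    for key, val in FIELD_RE.findall(line[m.end():]):
        fields.setdefault(key, val)  # first LEN is the IP total length, second the UDP length
    return fields

def classify_source(src, zone_nets):
    """Interface that owns the most specific configured network containing src."""
    addr = ipaddress.ip_address(src)
    best = None
    for iface, nets in zone_nets.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (iface, net.prefixlen)
    return best[0] if best else None

def explain_drop(fields, zone_nets):
    """Anti-spoof model: a SRC inside a network assigned to an interface other
    than the ingress one (IN=) is treated as spoofed."""
    owner = classify_source(fields["SRC"], zone_nets)
    return {"ingress": fields["IN"], "src_owner": owner,
            "spoof_suspect": owner is not None and owner != fields["IN"]}
```

Feeding the sample line through `explain_drop` reports the source as owned by the DMZ interface while it arrived on eth0, which is exactly the situation an anti-spoof rule exists to drop; the useful check is whether the configured zone ranges really describe which networks sit behind which interface.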