How can I specify over which ports communication should be allowed between internal, DMZ and Internet without having to forward ports directly from the firewall to the DMZ? I have several offical IP-Addresses in the DMZ and on two machines is a Webserver running on port 80, so port-forwarding wouldn't fit my needs. Services in the DMZ should be available under their proper IP-Address. Would 'firewall2-custom.rc' be the right place for placing such things or is my brain simply a bit overloaded so I don't see the point? Security problems considering such kind of accessing the DMZ? The firewall itself is running well, as well as routing between DMZ an Internet. As firewall I'm running SuSE firewall2 on SuSE 7.3. The internal LAN is masqueraded Any hints or links for further information on firewall2? Thanks in advance, Andreas