Hello, as the subject says, I'm having problems with SuSEfirewall2. I just replaced my working SuSE 7.0/SuSEfirewall1 setup with a new 7.3 installation. My Linux machine does DSL dial-on-demand and masquerades several other machines in the internal network, giving them internet access. The masqueraded machines are allowed to do anything they want. The outside world is allowed to access ssh and www on the firewall, but nothing else. As I said, I had a working setup for SuSE 7.0, which basically looked like this (new key names used here): FW_DEV_EXT=ppp0 FW_DEV_INT=eth0 FW_ROUTE=yes FW_MASQUERADE=yes FW_MASQ_NETS=192.168.0.0/24 FW_PROTECT_FROM_INTERNAL=no FW_AUTOPROTECT_SERVICES=yes FW_SERVICES_EXT_TCP=ssh www I tried to use the same setup with SuSEfirewall1 (the updated package from the SuSE web site) first. It worked, but I couldn't live with the restrictions (no FTP, ...), so I tried SuSEfirewall2 with mostly the same settings. Masquerading seems to work, as well as the firewall itself (nothing except ssh and www arrives at the machine), but there's one problem that I can't get rid of: The firewall machine itself is not able to access either the internal network or the internet. Error messages look like this: [...] SuSE-FW-UNALLOWED-TARGETIN=ppp0 [...] SRC=217.5.115.7 DST=217.226.71.131 [...] and [...] SuSE-FW-UNALLOWED-TARGETIN=ppp0 [...] SRC=194.25.2.129 DST=217.226.71.131 [...] where the SRC IPs belong to the two DNS is use, and the DST IP is the one dynamically assigned to me. I tried some additional settings, for example FW_ALLOW_CLASS_ROUTING, but to no avail. Any pointers into the right direction would be greatly appreciated. Regards, Joerg Pleumann