it really depends on what you want the world to see. here's some questions for you - do i want to provide http to the outside world , if yes, port 80 should be allowed and maybe 443 for https - do i need my server to provide DNS services, if yes port 53 - do i need mail to be send to that server, if yes port 25 - do i need ssh access from external, if yes 22 - do i need ftp or other services accessible from external, see respective ports the bottom line is, you can follow the european way, i.e only allow what is neccesarry, or follow the us approach, allow everything and deny certain items. so from dmz to external you should allow at least http smtp dns from external to dmz only allow httpd than add whatever protocolls you really need. remember, security is always the hassle between personal freedom and a better feeling when going to bed at nite. regards Evert -----Original Message----- From: Omppu [mailto:Omppu@Aktivist.NET] Sent: Tuesday, January 22, 2002 11:05 AM To: suse-security@suse.com Subject: [suse-security] a simple question now with the basic installation of susefirewall2 no server from the dmz can access the world. what parameter can should i add and where to if i want the servers on the dmz to access for example ports 22, 25, 80, 5800 hoping for a reply this time, regards O. -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com