Hello Jens, Wednesday, 16 January 2002, you wrote: JW> Hi folks, JW> there's a tiny masqueraded lan (192.168.0.0/24) behind a firewall (suse JW> 73, Susefirewall2), standard-configuration. JW> Task: Enable remote control of the internal computers via VNC. JW> The following already works: JW> (1) intern <-> intern JW> (2) intern <-> firewall JW> (3) extern <-> firewall (4) intern ->> extern JW> The problem is (5) extern -> intern JW> (currently i do a remote control of the firewall, which does a remote JW> control of an internal computer, but that's pretty shitty) JW> I do not know the right questions. Is it a firewall-, routing-, or JW> masquerading-thingie? How do I address internal computers anyway? In the earlier version of SuSEfirewall it was section 14 of /etc/rc.config.d/firewall.rc.config You needed to set up the FW_FORWARD_MASQ_TCP variable. The only problem seems to be that you'll have 1 publicly visible IP addess/vnc port combination, which won't allow you to connect to multiple internal vnc servers. However, if you can make vnc listen on a different port (5902, 5903) on each internal machine it might just work... You should then be able to connect to real_ip:2 real_ip:3 etc... I'd be interested to hear how you get on... Mark