Dear List, I use SuSEfirewall to give access to the internet for few users in my company. Also there is a mailserver in a DMZ wich is accessable by all users from internal and the internet. Now I like to use SuSEfirewall2, but suddenly no one can reach the mailserver from internal as they used to do. (everything else works fine) I tried several "hooks" in SuSEfirewall-custom.rc with no success. Is there a solution ? So I can use SuSEfirewall2 as I did with SuSEfirewall ? (I think there must be a way to let the internal into the DMZ like they came from external?) Like a forwarding rule in firewall2-custom.rc.config?? It all did work with SuSeFirewall(1) Any help or hint is welcom. (desparate) This is my SuSEfirewall2.rc; # eth0-addr:10.0.0.100 hooked to ADSL Modem: 10.0.0.138 # eth1-addr:10.3.65.6 internal network # eth2-addr:192.168.50.1 =DMZ, Mailserver:192.168.50.10 DEV_EXT="ppp0" FW_DEV_INT="eth0 eth1" FW_DEV_DMZ="eth2" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="10.3.0.0/16,0/0,udp,53 \ 10.3.65.102/32,0/0,tcp,80 10.3.65.104/32,0/0,tcp,80 10.3.65.105/32,0/0,tcp,80 \ 10.3.65.160/32,0/0,tcp,80 10.3.65.162/32,0/0,tcp,80 10.3.71.100/32,0/0,tcp,80 \ 10.3.68.107/32,0/0,tcp,80 192.168.50.10/32,0/0,udp,53 192.168.50.10/32,0/0,tcp,1:65535" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="21 23" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="10.0.0.138/32" #adsl modem FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="0/0,192.168.50.10,tcp,25 \ 0/0,19.168.50.10,tcp,80 0/0,192.168.50.10,tcp,143 \ 0/0,192.168.50.10,tcp,21 0/0,192.168.50.10,tcp,110" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" # END of rc.firewall FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="yes" #FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config" Thank you, Bert Oostergetel