I am having problems getting my VPN software to work correctly on a client machine behind my SuSE 8.0 firewall box and was hoping for some help. The client uses the Checkpoint SecuRemote client to connect to a remote network. I found a FAQ page on changes to firewall rules to make this work, but the instructions are a little unclear to me and I am not sure how to integrate them with SuSEfirewall2. I have pasted part of the FAQ and my current Firewall variables below. Suggestions would be very welcome.

Thanks!
David

The FAQ ( http://www.phoneboy.com/faq/0372.html ) suggests adding rules like this:

fw1-ip is the external IP of your firewall
client-ip is your SecuRemote Client
linux-ip is the IP of your Linux host
ext_if refers to external interface

/usr/sbin/iptables -A input -s linux-ip -d fw1-ip -p udp --dport 500 -j ACCEPT
/usr/sbin/iptables -A input -s linux-ip -d fw1-ip -p 50 -j ACCEPT
/usr/sbin/iptables -A input -s fw1-ip -d linux-ip -p udp --dport 500 -j ACCEPT
/usr/sbin/iptables -A input -s fw1-ip -d linux-ip -p udp --dport 2746 -j ACCEPT
/usr/sbin/iptables -A input -s fw1-ip -d linux-ip -p 50 -j ACCEPT
/usr/sbin/iptables -A forward -s linux-ip -d fw1-ip -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -o ext_if -j MASQUERADE

How should I do this with SuSEfirewall2?

variable in /etc/sysconfig/SuSEfirewall2
---------------------------------------
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="113 ssh"
FW_SERVICES_EXT_UDP="domain"
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="domain"
FW_SERVICES_INT_UDP="domain"
FW_SERVICES_INT_IP="domain"
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="yes"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"