Maybe you get a problem here with the access to the DMZ server from the internal network to the external IP address.
The internal machines use the private IP of the server. The server is pingable, albeit no response from port 80.
http://lists.suse.com/archive/suse-security/2002-May/0415.html
I only have 1 external IP and 1 server.
No ping, nothing!? What about the logs on the firewall?
The logs indicate that packets disappear on the firewall without trace.
You need access from the internet to your domain name server!? You have an NTP server (like xntpd) on the firewall which must be reachable from the internet only?
Ignore these exact settings for now, it's not part of the problem (and yes, your xntp daemon reads the time servers on port 123).
FW_FORWARD=" 192.168.2.0/24,192.168.1.1,tcp,80 192.168.2.0/24,192.168.1.1,tcp,443
Uohhhh, that can't work well, I think, better is:
FW_FORWARD="\
192.168.2.0/24,192.168.1.1,tcp,80 \
192.168.2.0/24,192.168.1.1,tcp,443 \
That makes absolutely no difference (tried that before posting, and again now). iptables -nvL shows a lot of rules with ACCEPT target and with ports 143 and 123 (didn't check the other ports).

Volker

-- 
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.orcon.net.nz/ Please do not CC list postings to me.