Hi list. 1) What is NEW_FW_MASQ_DEV good for? I have in my /etc/sysconfig/SuSEfirewall2 FW_DEV_EXT="eth0 eth0:3" and FW_MASQ_DEV="$FW_DEV_EXT" but in /sbin/SuSEfirewall2 (from SuSEfirewall2-3.1-26) FW_MASQ_DEV is "filtered" and eth0:3 discarded. So after this filtering I have only FW_MASQ_DEV="eth0". Is this needed/wanted? Why? ========== 2) I'm trying to connect from a public external ip (a) to a private internal masqueraded ip, over the public ip address (b) at eth0:3. From tcpdump on both the external and internal devices, pakets are being correctly forwarded from ext to int, but when responses arrive at the internal device they are being dropped on the last forward_int chain rule. For this to work I have set on /etc/sysconfig/SuSEfirewall2 FW_FORWARD_MASQ="1.2.3.4,192.168.30.15,tcp,2222,22,5.6.7.8" where 1.2.3.4 is the ext source public ip (a) and 5.6.7.8 is the public ip address (b) Does someone have any clue? ========== 3) What do _ext/_int/_dmz mean on forward_xxx or input_xxx ? [forward|input]_pakets_COMING_FORM_xxx or [forward|input]_pakets_GOING_TO_xxx ??? Many thanks, Richard