Ok, I've done my best to get this working over the last few days. And I know I'm missing something really obvious. The SuSE box dials up my ISP fine, and Internet access works fine from this box. The Win98 box can access the SuSE box without a problem. At this point all I want is masquerading -- the Win98 box on the internal network should have full access to the SuSE box services, too. I get this in /var/log/messages when trying to access an external web site via the Win98 PC (the Win98 is 192.168.0.98). Mar 18 07:53:08 SuSE kernel: Packet log: forward DENY ppp0 PROTO=6 192.168.0.98:1152 209.144.167.153:80 L=48 S=0x00 I=43797 F=0x4000 T=127 SYN (#2) SuSE 6.3 firewal 2.0-5 loaded by rpm yesterday. SuSE box: 192.168.10.99 Win98 box: 192.168.10.98 Using: /sbin/init.d/firewall start or SuSEfirewall start /etc/rc.config: START_FW="yes" FW_DEV_WORLD="ppp0" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS="192.168.10.0/24" FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_GLOBAL_SERVICES="no" FW_SERVICES_EXTERNAL_TCP="" # Common: smtp domain FW_SERVICES_EXTERNAL_UDP="" # Common: domain FW_SERVICES_DMZ_TCP="" # Common: smtp domain FW_SERVICES_DMZ_UDP="" # Common: domain syslog FW_SERVICES_INTERNAL_TCP="" # Common: ssh smtp domain FW_SERVICES_INTERNAL_UDP="" # Common: domain FW_TRUSTED_NETS="" FW_SERVICES_TRUSTED_TCP="" # Common: ssh FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" # Common: "ftp-data" (sadly!) FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" # Common: "dns" FW_SERVICE_DNS="no" # if yes, FW_TCP_SERVICES_* needs to have port 53 FW_SERVICE_DHCLIENT="no" # if you use dhclient to get an ip address FW_SERVICE_DHCPD="no" # set to yes, if this server is a DHCP server FW_FORWARD_TCP="" # Beware to use this! FW_FORWARD_UDP="" # Beware to use this! FW_REDIRECT_TCP="" FW_REDIRECT_UDP="" FW_LOG_DENY_CRIT="yes" FW_LOG_DENY_ALL="yes" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_FW_TRACEROUTE="no" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive" Bill Moseley mailto:moseley@hank.org -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/