Hello,

I'd like to allow external access to my home network (eth0:24.x.x.x/24, eth1:172.16.0.0/16) from a trusted private subnet (192.168.0.0/24) via freeswan. The freeswan vpn works correctly, provided I use a simple packet filter:

ipchains -P forward DENY
ipchains -A forward -p all -j ACCEPT -s 172.16.0.0/16 -d 192.168.0.0/24
ipchains -A forward -p all -j ACCEPT -s 192.168.0.0/24 -d 172.16.0.0/16
ipchains -A forward -p all -j MASQ -s 172.16.0.0/17 -d 0.0.0.0/0

However, I can't get the private subnet routing to work with firewals. My home machine is running SuSE 6.3 and the gateway to the other subnet is a RedHat 6.1 machine using an ipchains script from the freeswan documentation. I'd prefer to use the SuSE script on my home machine. Is it possible to configure this beast to route between two private masqueraded subnets?

My current configuration is below:

FW_DEV_WORLD="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="172.16.0.0/16"
FW_MASQ_DEV="eth0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
FW_SERVICES_EXTERNAL_TCP="ssh smtp ntp"
FW_SERVICES_EXTERNAL_UDP="ssh smtp ntp 500"
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_INTERNAL_TCP=""
FW_SERVICES_INTERNAL_UDP=""
FW_TRUSTED_NETS="24.x.x.x 172.16.0.0/16"
FW_SERVICES_TRUSTED_TCP=""
FW_SERVICES_TRUSTED_UDP=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="yes"
FW_SERVICE_DHCPD="no"
FW_FORWARD_TCP=""
FW_FORWARD_UDP=""
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="no"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="no"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"

--
John Ross Hunt
bigboote@mediaone.net
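Added example, not part of the original message: a first-match model of the forward chain posted above, showing which packets are forwarded unmodified, which are masqueraded, and which fall through to the DENY policy, and what changes if the MASQ rule is evaluated before the tunnel ACCEPT rules. It matches on source and destination address only (the posted rules use `-p all` and no interface); the host addresses and the `verdict` and `MASQ_FIRST` names are constructed for illustration.

```python
import ipaddress

# Forward chain exactly as posted: (target, source net, destination net).
POSTED_RULES = [
    ("ACCEPT", "172.16.0.0/16", "192.168.0.0/24"),
    ("ACCEPT", "192.168.0.0/24", "172.16.0.0/16"),
    ("MASQ", "172.16.0.0/17", "0.0.0.0/0"),
]
POLICY = "DENY"  # ipchains -P forward DENY

# Same rules with the MASQ rule moved to the front (hypothetical ordering).
MASQ_FIRST = [POSTED_RULES[2]] + POSTED_RULES[:2]


def verdict(src, dst, rules=POSTED_RULES, policy=POLICY):
    """Return the target of the first rule matching src/dst, else the chain policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, snet, dnet in rules:
        if s in ipaddress.ip_network(snet) and d in ipaddress.ip_network(dnet):
            return target
    return policy


# Constructed sample packets; 198.51.100.7 is a documentation address
# standing in for an arbitrary Internet host.
SAMPLES = [
    ("172.16.1.10", "192.168.0.5"),     # home LAN -> remote subnet (tunnel)
    ("192.168.0.5", "172.16.1.10"),     # remote subnet -> home LAN (tunnel)
    ("172.16.1.10", "198.51.100.7"),    # home LAN, lower /17 -> Internet
    ("172.16.200.10", "198.51.100.7"),  # home LAN, upper /17 -> Internet
    ("198.51.100.7", "172.16.1.10"),    # Internet -> home LAN
]


def report(rules=POSTED_RULES):
    """Evaluate every sample packet against the given rule list."""
    return [(src, dst, verdict(src, dst, rules)) for src, dst in SAMPLES]


if __name__ == "__main__":
    for label, rules in (("as posted", POSTED_RULES), ("MASQ first", MASQ_FIRST)):
        print(label)
        for src, dst, target in report(rules):
            print(f"  {src:>15} -> {dst:<15} {target}")
```

With the posted order, subnet-to-subnet traffic matches an ACCEPT rule before the MASQ rule is reached; with the MASQ rule first, the same packet from the lower half of 172.16.0.0/16 is masqueraded instead.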