I know this gets hashed to death in various forums, but I've not been able to find someone who tries to do this like I've done it. (I've had this working in the past, but now it's not working, and I don't know what I've changed.) I've got a box running a small network. It's got two NIC's, one for the internal network, and one for the DSL connection. I want to have Windows machines on the outside connect to the internal network through PPTP VPN tunnels. All this works fine. The problem is that SuSEfirewall2 blocks the traffic between the Windows clients and the Samba server behind the firewall. What I've been trying to do is this: FW_DEV_INT="eth0 ppp0" But I get these in /var/log/messages: Feb 10 09:50:39 firewall kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT=eth0 SRC=192.168.0.112 DST=192.168.0.3 LEN=96 TOS=0x00 PREC=0x00 TTL=127 ID=1010 PROTO=UDP SPT=137 DPT=137 LEN=76 In /etc/pptpd.conf, I'm assigning the same IP addresses to both sides of the VPN connections as the rest of the internal network. However, the firewall config sees them as different given that they're on separate network interfaces. I would have thought that the FW_DEV_INT line would sort of "merge" these interfaces, but it's not happening. Like I said, I know that this worked at one time, but now it's not. Perhaps the SuSEfirewall2 package got revised and stopped this hack from working. That's fine even if it did; I just need to get this working. I tried setting FW_TRUSTED_NETS="192.168.0.0/24", but that didn't get it. My next thought was to make some entries in the FW_FORWARD section, but I can't specify forwarding between the same class C network. I'd have to change the IP addresses that I'm handing out with pptpd. That'd be fine, but it used to work, and I wonder if I'm overlooking something simple. It seems like it would be more work to manage this if I had to do that. Thanks, dk