I've got a VPN server setup, and after HOURS of debugging the stupid setup, I've finally reached a stopping point: SuSEfirewall2 doesn't work like it used to. I used to be able to say something like this:

    FW_DEV_INT="eth0 ppp0"

And it would wrap the VPN connections into the LAN, and I'd be done. Now I'm saying:

    FW_DEV_INT="eth-id-00:a0:c9:2a:4b:03 ppp0"

But I'm getting this sort of error message:

    Jan 8 22:54:39 server1 kernel: SFW2-FWDint-DROP-DEFLT IN=ppp0 OUT=eth1 SRC=172.16.0.200 DST=172.16.0.1 LEN=96 TOS=0x00 PREC=0x00 TTL=127 ID=14905 PROTO=UDP SPT=137 DPT=137 LEN=76

Why is the firewall blocking packets between 2 internal interfaces?

Regards,
dk

P.S. One of the things I struggled the longest with was the fact that the /etc/ppp/ip-up script calls SuSEfirewall2 *immediately* after handing out an IP address. This confuses pptpd, which needs to wait a few seconds. It appears that there aren't any options for making it do this. (I tried "stimeout 30" in /etc/pptpd.conf, but that didn't work. That parameter isn't in the man page, so maybe Google showed me an older option. Whatever.) The only thing that would work was to comment out the place where SuSEfirewall2 is invoked in /etc/ppp/ip-up, wait a few extra seconds, *then* run SuSEfirewall2. I can put a "sleep 15" or something in that function, but now I'm finding that it continues to block the packets as above.