Beg me pardon If I jump in the middle of a thread, But the subject lend me to a reflexion. You must very thoroughsly define in the firewall UI the different net segments, what is not done at present time. You must distinguish clearly: * the external net (=Internet or the hardware router if any) * the DMZ if any * the local(s) net (private adresses) * __the local machine__ the problem is important because for Iptable the local machine is a special one and in most small networks this very same machine is not only the gateway, but also the server Let me state that in "normal" network organisation the web, ftp, mail server should go on the DMZ. In that case they are identified by they interface name. But many DSL users now have a gateway/router/server... and little net expertise. In fact it's for _these_ people that the Firewall configuration must be the better designed (the experienced users can make themselves the iptables instructions). So, define your vocabulary and explain... For example, configuring postfix is extremely difficult because the domain name is undefined. You have a local net domain name (private IP) may be (or may be not) a public domain name (dodin.org, for me) and don't know what is the gateway name... what is the "hostname" of the gateway? You are probably not aware of these problems (I beg they are not problems for you :-), but for me they are and I manage a server for several years now :-( thanks jdd -- http://www.dodin.net http://dodin.org/galerie_photo_web/expo/index.html http://lucien.dodin.net http://fr.susewiki.org/index.php?title=Gérer_ses_photos --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory-help@opensuse.org