Danke fuer die angebotene Hilfe, na klar habe ich FW_MASQ="yes" gesetzt. Ich habe mich an das Kochrezept von Suse gehalten. Hier aber zur Sicherheit nochmals meine /etc/rc.firewall: FW_DEV_WORLD="ippp0" FW_DEV_INT="eth0" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_LOCALNETS="192.168.1.0/24" FW_KERNEL_SECURITY="no" FW_AUTOPROTECT_GLOBAL_SERVICES="yes" FW_PROTECT_FROM_INTERNAL="no" FW_UDP_SERVICES_EXTERNAL. FW_TCP_SERVICES_EXTERNAL="" # Common: smtp www domain FW_UDP_SERVICES_EXTERNAL="" # Common: domain FW_TRUSTED_HOSTS="" FW_TCP_SERVICES_TRUSTED="" # Common: ssh FW_UDP_SERVICES_TRUSTED="" # Common: syslog time ntp FW_TCP_SERVICES_INTERNAL="" # Common: ssh smtp domain www FW_UDP_SERVICES_INTERNAL="" # Common: domain FW_TCP_ALLOW_INCOMING_HIGHPORTS="" # Common: "ftp-data" (sadly!) FW_UDP_ALLOW_INCOMING_HIGHPORTS="dns" # Common: "dns" FW_FORWARD_TCP="" # Beware to use this! FW_FORWARD_UDP="" # Beware to use this! FW_REDIRECT_TCP="" FW_REDIRECT_UDP="" FW_LOG_DENY_CRIT="yes" FW_LOG_DENY_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_ALLOW_FW_PING="no" # # #-------------------------------------------------------------------------# # # # EXPERTS OPTIONS - all others please don't change these! # # # #-------------------------------------------------------------------------# # # # # 18.) # Allow (or don't) ICMP time-to-live-exceeded to be send from your firewall. # This is used for traceroutes to your firewall (or traceroute like tools). # # Please note that the unix traceroute only works if you say "yes" to # FW_UDP_ALLOW_INCOMING_HIGHPORTS, and windows traceroutes only if you say # "yes" to FW_ALLOW_FW_PING # # Choice: "yes" or "no", defaults to "no" # FW_ALLOW_FW_TRACEROUTE="no" # # 19.) # Allow ICMP sourcequench from your ISP? # If set to yes, the firewall will notice when connection is choking, however # this opens yourself to a denial of service attack. Choose your poison. # # Choice: "yes" or "no", defaults to "yes" # FW_ALLOW_FW_SOURCEQUENCH="yes" #FW_DEV_WORLD_ippp0="10.0.0.1 255.255.255.0" # e.g. for exernal interface ippp0 #FW_DEV_INT_eth0="192.168.1.1 255.255.255.0" # e.g. for internal interface eth0 FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD" # # 14.) # Are you running some of the services below? # They need special attention - otherwise they won´t work! # # Set services you are running to "yes", all others to "no", defaults to "no" # FW_SERVICE_DNS="no" # if yes, FW_TCP_SERVICES_* needs to have port 53 # # 21.) # Which masquerading modules should be loaded? # REQUIRES: FW_ROUTE, FW_MASQUERADE # # (omit the path or "ip_masq_" prefix as well as the ".o" suffix!) # FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"