Hi,

I've got/want to build the following environment:

Firewall:
  14 ext. IPs bound to eth0:0...eth0:13
  1 internal IP 192.168.1.199 (of course...) on eth1
  Masquerading of the internal network
  Acting as public DNS
  Acting as proxy (squid) for the local network

Mail- and Web-Server in internal network (192.168.1.200)

I want to:

* local PCs should more or less be allowed to get access to the usual services
* foreign PCs should only be allowed to get dns, www and smtp/pop access
* foreign PCs requesting www or smtp/pop services should be forwarded/masqueraded to 192.168.1.200
* ssh should be allowed for the firewall and eventually also be forwarded/masqueraded (on another port?!?) to 192.168.1.200
* everything else should be forbidden

Since I couldn't manage to get SuSEfirewall 4.2 to work (everything works fine apart from the forwarding/masquerading of www/smtp/pop to the internal machine 192.168.1.200): does anybody please have an ipchains (rc.firewall) script that does more or less what I described?

It's especially difficult to find an ipchains sample that does aliasing on the external interface AND port forwarding or masquerading to an internal machine.

Is there something else I have to do on the firewall? Routing etc. to the outer world looks fine, ifconfig looks fine. Everything works perfectly as long as the Web- and Mail-Server reside on the firewall - but that's what I need to avoid.

Thanks a lot in advance!