Am I about to give up on SuSE Firewall script??

Hello, after resolving this and that problem I still have problems with configuring the firewall script. This is my scenario and what I have tried. I have the following setup:

                 Internet
                    |
                    S0
              --------------
              |  internet  |
              |cisco router|
              --------------
                    F0 195.165.91.1 mask 255.255.255.240
                    |
                    |
   ----------                ----------
   |  HUB   |----------------| server | 195.165.91.3
   ----------                ----------  mask 255.255.255.240
        |
        | 195.165.91.2 netmask 255.255.255.240 GW 195.165.91.1
   --------------
   |  SuSE 7.3  |
   |            |----------------  195.165.91.129
   |            |                  netmask 255.255.255.192
   --------------
        | 195.165.91.193 netmask 255.255.255.192
        |

and the following /etc/rc.config.d/firewall2.rc.config configuration:

FW_DEV_EXT="eth0"
FW_DEV_INT="eth2"
FW_DEV_DMZ="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="no"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS=""
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="22"
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS="193.64.53.192/26"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD="0/0,195.165.91.140,tcp,12345 0/0,195.165.91.140,tcp,1234 0/0,195.165.91.140,tcp,1433 0/0,195.165.91.140,tcp,5800 0/0,195.165.91.140,tcp,5801 0/0,195.165.91.140,tcp,5900 0/0,195.165.91.140,tcp,5901"
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"

(Is it really so that all the FW_FORWARD="" input has to be on one line so that it works? When I tried to add the input as a new line it just did not read my settings!)

And this is what I'm trying to achieve:

Internet -> Firewall: allow (SSH)
Internet -> internal network: deny
Internet -> DMZ: allow 195.165.91.140 ports 1234, 12345, 5800, 5801, 5900, 5901
DMZ -> Firewall: allow (SSH)
DMZ -> Internal network: deny
DMZ -> Internet: allow (all internet port 1999)
Internal network -> Firewall: allow (SSH)
Internal network -> Internet: allow (all internet ports 80, 22, 443, 8080 and 195.165.91.3 all ports)
Internal network -> DMZ: allow (195.165.91.140 all ports, 195.165.140 ports 21, 22, 80)

What do I have to do to get this to work? I've lost time and I'm late on project delivery. If I will not be able to figure this out I'm going to have to ignore the SuSE firewall scripts and just use plain IPTABLES, which wouldn't be nice. All help would be greatly appreciated, regards O.
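An added example, not part of the original post: a small Python checker that reads the FW_FORWARD value out of a firewall2.rc.config-style file (quoted values spanning several lines are accepted by the parser), turns each entry into a validated (source net, destination, protocol, port) tuple, and compares the TCP ports forwarded to the DMZ host against the port list stated in the policy above. The config excerpt and the intended port set are taken from the post; the function names are the example's own.

```python
import ipaddress
import re

# Constructed excerpt of the posted firewall2.rc.config (values copied as posted).
RC_CONFIG = '''
FW_DEV_EXT="eth0"
FW_DEV_INT="eth2"
FW_DEV_DMZ="eth1"
FW_FORWARD="0/0,195.165.91.140,tcp,12345 0/0,195.165.91.140,tcp,1234 0/0,195.165.91.140,tcp,1433 0/0,195.165.91.140,tcp,5800 0/0,195.165.91.140,tcp,5801 0/0,195.165.91.140,tcp,5900 0/0,195.165.91.140,tcp,5901"
'''

# Ports the post says the Internet may reach on the DMZ host 195.165.91.140.
INTENDED_DMZ_PORTS = {1234, 12345, 5800, 5801, 5900, 5901}

def read_rc_config(text):
    """Map VAR -> value for double-quoted shell-style assignments.
    [^"]* (not .*) is used so a quoted value may span several lines."""
    return {k: v for k, v in re.findall(r'^(\w+)="([^"]*)"', text, re.M)}

def parse_forward(value):
    """Split FW_FORWARD into (src_net, dst_ip, proto, port) tuples.
    Entries are whitespace-separated, fields within an entry comma-separated.
    '0/0' is the any-source shorthand used in the posted config."""
    rules = []
    for entry in value.split():
        src, dst, proto, port = entry.split(",")
        if src == "0/0":
            src = "0.0.0.0/0"
        rules.append((ipaddress.ip_network(src, strict=False),
                      ipaddress.ip_address(dst),
                      proto.lower(),
                      int(port)))
    return rules

def check_forwards(rules, dmz_host, intended_ports):
    """Compare configured TCP forwards to dmz_host with the intended port set.
    Returns (missing, unexpected): intended ports with no forward rule, and
    forwarded ports the stated policy never mentions (extra exposure)."""
    host = ipaddress.ip_address(dmz_host)
    forwarded = {port for _, dst, proto, port in rules
                 if dst == host and proto == "tcp"}
    return sorted(intended_ports - forwarded), sorted(forwarded - intended_ports)

if __name__ == "__main__":
    cfg = read_rc_config(RC_CONFIG)
    rules = parse_forward(cfg["FW_FORWARD"])
    missing, unexpected = check_forwards(rules, "195.165.91.140", INTENDED_DMZ_PORTS)
    print("forwards:", len(rules), "missing:", missing, "unexpected:", unexpected)
```

Run against the posted config it reports no missing ports but one unexpected forward, 1433, which the stated policy does not list.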

On Wednesday 16 January 2002 17:47, Omppu wrote:
I think your problem may be that you perhaps did not tell your cisco about the intricate routing table. You have to make sure that the cisco knows how to reach all the subnets. That means the cisco must know that 195.165.91.128/128 can only be reached through a gateway: your suse box. Failing that you will not get any packets through. Did you think of this?

Maarten
--
Maarten J. H. van den Berg ~~//~~ network administrator
van Boetzelaer van Bemmel - Amsterdam - The Netherlands
http://vbvb.nl T+31204233288 F+31204233286 G+31651994273
