-----BEGIN PGP SIGNED MESSAGE----- Hi Frédéric!
if my public ip is 193.252.183.24 and i select URL http://193.252.183.24 in explore i must see my server web ?
That depends. *g* If you want to access your web server from a machine connected to the internal network (192.168.1.0/24), you need to give the _private_ IP address of the web server: http://192.168.5.2 If I would want to access your web server, I'd give the _public_ IP address of your firewall: http://193.252.183.24 There are two reasons for this: Access to the external/public IP of the firewall is prohibited from the internal network for security reasons, you will see a SuSE-FW-NO_ACCESS_INT->FW_EXT if you log dropped packets. Futhermore, the firewall does only DNAT (redirect) connections coming in from the masquerading interface (ppp0) to the web server in the DMZ. To be able to access your web server in the DMZ from the 192.168.1.0/24 net, you need to forward connections between the DMZ and the internal net. SuSEfirewall2 does not route anything between different subnets by default. Masquerading is not involved here, therefore you need at least to set FW_FORWARD="192.168.1.0/24,192.168.5.2,tcp,80" This will allow access to port 80 on your web server from any machine in the 192.168.1.0/24 net. And, please set FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_CRIT="yes" to be able to see what exactly is going wrong. Regards, Andy - -- Andreas J. Mueller email: <andy@muelli.net> PGP RSA Public Key ID 0x3D41D941 FP: ED261973D51D3D20 C840B0542E69F602 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (MingW32) iQC9AwUBPcvSV/obN5o9QdlBAQEsnQU/eqHZxsw042zzMexHI+Oy+s5+22EsBii5 WHYO3RaLijOir4QuYj/J4j3UP478/HLl3S1R2t5cxrkViV6Zrkj1YcR67TaJ4hhX C7QbssvzCnKZ4wcu+q88wJr6r0ACrodk321JzVWEDH0uq/L28lY6ENBmmHullzjk AN5qjjL4A8ygKasv3ZK8lgZ/TDJ57mA+BpFhiNFsaYjn438ThT/qpBLdZVkGZzdP =NpL/ -----END PGP SIGNATURE-----