Ok...Maybe I'm not getting something. I have a SuSE 7.2 machine with 2 network cards. eth0 is world device (Real Static IP) and eth1 (Private Static IP) is internal device. Masquerading is happening for machines on the internal network. Everything is working fine. Masquerading works. Internal machines can get to the outside world. The outside world can only get to the services that are open on the firewall. All is good. BUT, The SuSE machine is a webserver, gameserver, etc... and there is a need for internal machines to access services on the world device (eth0), however, they can't. For example, if an internal machine tries to get a webpage from the webserver and uses the Internal address on the webserver, everything works fine. But if you try and get the same page using the external address, nothing works. In the firewall2.rc.config file, I have www listed in both the FW_SERVICES_EXT_TCP and FW_SERVICES_INT_TCP. However I always get a message in the /var/log/firewall log saying that it denied a request on eth1 for DPT=80. What am I missing? Losing hair...hehehe TIA, Tall0n -- GregWorld.com