I'm using SuSE 8.0 with SuSEfirewall2, and on my firewall I have ports for ssh,smtp,http and identd open to the outside, and the same ports plus pop3+samba open for the internal network. I also have an extra port (not 21) opened for my ftp service. My problem is that I can access all resources from the inside using the internal ip-adress of the firewall, ie I can view the web pages when calling http://192.168.0.1/ from any other machine on the internal network. It also works when I try to access the web server from the outside (using the external ip), BUT when I try to access the web server using the external ip (or the domain pointing to my firewall) nothing happens and i get this logged in /var/log/firewall: Jul 27 14:25:22 linux kernel: SuSE-FW-NO_ACCESS_INT->FWEXT IN=eth0 OUT= MAC=00:50:8b:03:d1:60:00:c0:26:59:d9:56:08:00 SRC=192.168.0.5 DST=213.66.148.171 LEN=64 TOS=0x08 PREC=0x00 TTL=128 ID=33688 DF PROTO=TCP SPT=3802 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B4010303000101080A000000000000000001010402) Same goes for when I try to access any of the other services from the inside using the external ip. How can I make this work? Here is my /etc/sysconfig/SuSEfirewall2 setup: FW_DEV_EXT="eth1" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="eth1" FW_MASQ_NETS="192.168.0.0/24" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="113 8000 http smtp ssh" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="113 139 445 8000 http pop3 pop3s smtp ssh" FW_SERVICES_INT_UDP="137:138" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="192.168.0.0/24" FW_ALLOW_INCOMING_HIGHPORTS_TCP="8000" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="yes" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" Any help would be appreciated, thank you! Jonas