If you use private addresses for your internal lan, then I think you have to masquerade these addresses. In your case, ping reaches the outside, but the reply never arrives because it is not routable. Andreas ----- Original Message ----- From: "maillist" <maillist@invenit.de> It is right that fw_allow_ping_fw=yes means that the firewall is pingable from the internet. But if the 3 options set to yes the ping should go through the firewall(dokumentation of the firewall script) What do you mean with masq the ping? How can I masq an icmp echo??? -----Ursprüngliche Nachricht----- Von: Stefan_Walther@gehag-dsk.de [mailto:Stefan_Walther@gehag-dsk.de] Gesendet: Montag, 16. Juli 2001 11:20 An: maillist Cc: suse-security@suse.com Betreff: Re: [suse-security] Suse firewall script question Hi, I think fw_allow_ping_fw means, that you can ping the firewall. The same I think is only meant for the firewall. I think you have to masq your pings, if you want to ping through your firewall to the internet. --- Hello I´m trying to set up a linux firewall box with 3 network devices. The first points to the internet gateway, the second to the DMZ(192.168.1.x) and the third to the internal network(192.168.2.x). I´m using Suse 7.0 and have installed the firewall script and squid proxy server. The squid runs fine html,ftp works. In the firewall script I have disabled routing and masquerading. Now I want to ping the internet from my internal network. But no request gets an answer.