it just might help if you could provide the routing table from the firewall/gateway as well. or test this: if you just for a test disable the firewall and reenable the routing, does the connection to citrix work or not? also, for clarification, port611 is citrix? plus one hint, it might help if you use tcpdump on the firewall to see if any citrix paqckets go to the remote office, and if they get an answer. Miguel Albuquerque <mfoacs@e-workshop.ch> wrote:A company wants to use it's SuSE Linux PC to access the internet via an ADSL router but wants the clients PC not reacheable from outside. The firewall provides no services whatsoever from outside the local area network. To inside network it provides an dhcp server. Plus, they need to access Remote LAN Servers using Citrix, IKA and Oracle. Most of the clients (win 98) are unable to connect to internet and then switch to Citrix or whatever without rebooting. The picture: internet � � ppp0 10.17.4.1 � � SuSEfirewall2 (8.0) 10.17.4.2 ----------------------------- Remote Office � VAX: 10.17.16.1 (local) � GW1: 10.17.2.1 � GW2: 10.1.2.1 � GW3: 10.192.2.10 � � LAN (was 10.17.20.0) 192.168.0.0/24 By reasons that I ignore, the folks at other side complain, if LAN and the DSL's internal IP are in the same subnet (it masquerades the public IP). I configured the FW: FW_DEV_EXT="ppp0 eth0" FW_DEV_INT="eth1" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS="192.168.0.0/24, 10.0.0.0/16 10.0.0.0/16, 192.168.0.1/24" FW_REDIRECT="192.168.0.0/24,10.17.2.1,tcp,611,611,192.168.0.0/24,10.17.2.1,udp,161,161, 192.168.0.0/24,10.17.16.1,tcp,23,23" What is wrong? Internet connection works fine, but none to the Remote Office. One more info: the gateways listed above are in a Cisco. I've listened some complains to connect SFW2 with a Cisco Router. Any help will be welcome! -- <> .-. e-SecureNet /v\ We Run SuSE Project Manager // \\ *The LINUX Experts* c/o Miguel Albuquerque /( )\ Av. Miremont 46 ^^-^^ 1202 - GE, SWITZERLAND Tel: +41 (22) 782 5344 Fax: +41 (22) 782 5348 mailto:mfoacs@e-securenet.ch http://www.e-securenet.ch _____________________________________________________________ -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here Mit freundlichen Gruessen Patrick Thempel mail:patrick_thempel@yahoo.com --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now