Hi Gang ! Given the following scenario...Firewall running SuSE 7.3 / SuSEfirewall2 with 3 NICs: ************ * Internet * ************ * "Real" IP address * eth0 * ************ eth1 ****************** * Firewall ********** DMZ - www/mail * ************ ****************** * eth2 * * ************ * switch * ************ * * * * * * *********************** * Internal Machine(s) * *********************** If AA.aaa.aaa.aaa is a private IP on eth1 and BB.bbb.bbb.bbb is private IP on eth2 (to feed the rest of the network) How are questions answered in /etc/rc.config.d/firewall2.rc.config to get to the dmz computer ?? This is what I have (and I get dropped in the firewall without seeing the DMZ) ... I know I have NOT yet turned on mail, because I want to see www services running first..... FWD_DEV_EXT="eth0" FWD_DEV_INT="eth2" FWD_DEV_DMZ="eth1" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASW_DEV="$FW_DEV_EXT" FW_MASQ_NETS="BB.bb.bbb.0/24" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="www" FW_SERVICES_EXT_UDP="www" FW_SERVICES_EXT_IP="www" FW_SERVICES_DMZ_TCP="domain www" FW_SERVICES_DMZ_UDP="www" FW_SERVICES_DMZ_IP="www" FW_SERVICES_INT_TCP="www" FW_SERVICES_INT_UDP="www" FW_SERVICES_INT_IP="www" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" ?? -or- FW_FORWARD="0/0,AA.aaa.aaa.aaa,tcp,80" ?? FW_FORWARD_MASQ="0/0,AA.aaa.aaa.aaa,tcp,80" FW_REDIRECT="" ?? -or- FW_REDIRECT="0/0,AA.aaa.aaa.aaa,tcp,80" ?? The "-or-" is my guessing.....no combination seems to work, any help appreciated. What am I missing ?? I always get dropped in the "firewall" box and never get to the web-server. The SuSEfirewall2 examples given by Marc do not seem to address the setup I am attempting ... Is my inherent design bad ? - Bill