I am trying to configure my firewall to accept remote SSH logins, but it will not. Configuration: Linux server (combination internet gateway, router, and primary workstation) running SuSE 9.0 (brand new install; replaced RedHat 8.0 a week ago, where this problem did not exist). Windows 2000 laptop (my employer's), and Windows XP laptop (my wife's). All internal LAN access is fine, SMB file and printer sharing works, workstations can all get out to the internet, no problems there. But when I try to come in from the internet and open a SSH session with the firewall up, it will not connect. When I try with the "SuSEfirewall test" command, it goes through okay (so I know sshd is running correctly). Here's my /etc/sysconfig/SuSEfirewall2, with all the comments and blank lines stripped, my comments added: FW_QUICKMODE="no" FW_DEV_EXT="ppp0" # I use DSL FW_DEV_INT="eth1" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="0/0" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="ssh http 5800:5805" # 580x, 590x: VNC FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="ssh domain netbios-ssn" # netbios-ssn for SAMBA FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_SERVICES_QUICK_TCP="" FW_SERVICES_QUICK_UDP="" FW_SERVICES_QUICK_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="no" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="yes" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="yes" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="yes" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" FW_CUSTOMRULES="" FW_REJECT="no" FW_HTB_TUNE_DEV=""