The line: Jan 17 16:10:29 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=80.15.76.155 DST=80.15.77.20 LEN=78 TOS=0x00 PREC=0x00 TTL=120 ID=34582 PROTO=UDP SPT=1030 DPT=137 LEN=58 tells us, that the firewall is at least blocking packets and that the firewall logs these, too. Can you post the output of the command: route -n from your firewall and your webserver and perhaps the output of the command route print from your windows box ? The setup following should work fine, but you will not be able to reach your webserver from the inside with the public ip of your ppp0 interface, just with the private ip 192.168.5.2. Please also try to get the newest version of the SuSEfirewall2 scripts, i ran into some trouble with an older version while trying to use FW_FORWARD_MASQ which ran fine after updating the scripts. The newest version is available under: ftp://ftp.suse.com/pub/people/garloff/linux/SuSE/RPMS/[SuSE-version]/SuSEfirewall2-* FW_DEV_EXT="ppp0" FW_DEV_INT="eth1" FW_DEV_DMZ="eth2" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="192.168.1.0/24 192.168.5.0/24" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="80" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="80" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="80" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="DNS ftp-data" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="0.0.0.0/0,192.168.5.2,tcp,80" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="yes" FW_LOG="--log-level warning --log-tcp-options --log-ip-option \ --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="no" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="no" FW_ALLOW_FW_SOURCEQUENCH="no" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"