Hi Peter,
something came to my mind as I read the mail from Ray: maybe it's in your MASQ/SNAT rules on GW2. I guess you use masquerading for outgoing traffic from NET2? In this case you should exclude traffic to 192.168.0.0/16 from this rule.
I don't use SuSEFirewall, but the shell command for SNAT is something like:
iptables -t nat -I POSTROUTING -s $ownnet ! -d 192.168.0.0/16 -j SNAT --to-source $badIP
where $ownnet is my internal network (something like 192.168.22.0/24) and $badIP is the external IP of the FW.
Greetings, Thomas
--
Interactive Objects Software GmbH
mailto:Thomas.Kerkau@io-software.com
http://www.io-software.com
Basler Strasse 65, D-79100 Freiburg, Germany
Tel: [+49]-761-40073-0, Fax: [+49]-761-40073-73
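
The check suggested in the mail above, as an added example that is not part of the original message: a shell function that reads `iptables-save` output and lists every POSTROUTING SNAT/MASQUERADE rule that would also rewrite traffic destined for 192.168.0.0/16. The names `EXEMPT_NET`, `find_unrestricted_nat` and `sample_ruleset` are assumptions, the sample dump is constructed, and only an exact match on the exempt network is recognised.

```shell
#!/bin/sh
# Added example (not from the original mail). Assumed names: EXEMPT_NET,
# find_unrestricted_nat, sample_ruleset; all addresses are constructed.
EXEMPT_NET="192.168.0.0/16"

# Reads iptables-save text on stdin and prints each POSTROUTING SNAT or
# MASQUERADE rule that would also rewrite packets destined for EXEMPT_NET.
# A rule is treated as safe when it carries "! -d EXEMPT_NET", or when an
# earlier rule of the exact form "-d EXEMPT_NET -j ACCEPT|RETURN" ends NAT
# processing for that destination first.
find_unrestricted_nat() {
    awk -v net="$EXEMPT_NET" '
        /^\*/ { in_nat = ($1 == "*nat"); bypass = 0; next }
        !in_nat || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            dst = ""; negated = 0; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") { dst = $(i + 1); negated = ($(i - 1) == "!") }
                if ($i == "-j") { target = $(i + 1) }
            }
            if (NF == 6 && dst == net && !negated &&
                (target == "ACCEPT" || target == "RETURN")) { bypass = 1; next }
            if (target != "SNAT" && target != "MASQUERADE") next
            if (bypass || (dst == net && negated)) next
            print
        }
    '
}

# Constructed iptables-save dump: one rule with the exclusion, one without.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.22.0/24 ! -d 192.168.0.0/16 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.23.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.0.0/16 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_unrestricted_nat
```

On a gateway, feed it the live ruleset with `iptables-save | find_unrestricted_nat`; any line it prints is a NAT rule that still applies to the private destination range.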