Allow internal machines to access an HTTP server on the firewall
Hi guys... I have a SuSE 8.0 box acting as a firewall (with 2 NICs)... it also has an Apache web server installed, and my problem is that none of my internal PCs can reach any service on the firewall box.
I set up the firewall rules using YaST, and even set it not to protect the firewall from the internal network...
Any clue how to set up or modify that box in order to allow internal traffic to legitimate services provided by the firewall on my internal network?
Thanks!!
bye
--ed
If you're using SuSEfirewall2 then you need to specify what services are on the firewall itself. I don't use SuSEfirewall2, but there is a config file in /etc/sysconfig. See sections 8 and 9 ...

/etc/sysconfig/SuSEfirewall2 :

"
## Type: yesno
## Default: yes
#
# 8.)
# Do you want to autoprotect all running network services on the firewall?
#
# If set to "yes", all network access to services TCP and UDP on this machine
# will be prevented (except to those which you explicitly allow, see below:
# FW_SERVICES_{EXT,DMZ,INT}_{TCP,UDP})
#
# Choice: "yes" or "no", if not set defaults to "yes"
#
FW_AUTOPROTECT_SERVICES="yes"

## Type: string
#
# 9.)
# Which services ON THE FIREWALL should be accessible from either the internet
# (or other untrusted networks), the dmz or internal (trusted networks)?
# (see no.13 & 14 if you want to route traffic through the firewall) XXX
#
# Enter all ports or known portnames below, seperated by a space.
# TCP services (e.g. SMTP, WWW) must be set in FW_SERVICES_*_TCP, and
# UDP services (e.g. syslog) must be set in FW_SERVICES_*_UDP.
# e.g. if a webserver on the firewall should be accessible from the internet:
# FW_SERVICES_EXT_TCP="www"
# e.g. if the firewall should receive syslog messages from the dmz:
# FW_SERVICES_DMZ_UDP="syslog"
# For IP protocols (like GRE for PPTP, or OSPF for routing) you need to set
# FW_SERVICES_*_IP with the protocol name or number (see /etc/protocols)
#
# Choice: leave empty or any number of ports, known portnames (from
# /etc/services) and port ranges seperated by a space. Port ranges are
# written like this: allow port 1 to 10 -> "1:10"
# e.g. "", "smtp", "123 514", "3200:3299", "ftp 22 telnet 512:514"
# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
#
# Common: smtp domain
FW_SERVICES_EXT_TCP=""
## Type: string
# Common: domain
FW_SERVICES_EXT_UDP=""
# Common: domain
## Type: string
# For VPN/Routing which END at the firewall!!
FW_SERVICES_EXT_IP=""
## Type: string
#
# Common: smtp domain
FW_SERVICES_DMZ_TCP=""
## Type: string
# Common: domain
FW_SERVICES_DMZ_UDP=""
## Type: string
# For VPN/Routing which END at the firewall!!
FW_SERVICES_DMZ_IP=""
## Type: string
#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP=""
## Type: string
# Common: domain syslog
FW_SERVICES_INT_UDP=""
# For VPN/Routing which END at the firewall!!
FW_SERVICES_INT_IP=""
"

On Mon, 2003-07-28 at 18:10, edvega@racsa.co.cr wrote:
> Hi guys... I have a SuSE 8.0 box acting as a firewall (with 2 NICs)... it also has an Apache web server installed, and my problem is that none of my internal PCs can reach any service on the firewall box.
> I set up the firewall rules using YaST, and even set it not to protect the firewall from the internal network...
> Any clue how to set up or modify that box in order to allow internal traffic to legitimate services provided by the firewall on my internal network?
> Thanks!!
> bye
> --ed

--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
--
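As an added example, not from this thread and not part of SuSEfirewall2 itself: a small POSIX shell check that reads a file in the FW_SERVICES_INT_TCP="..." syntax quoted above and reports whether a given TCP port or service name is reachable from the internal zone. The sample config, the function names and the literal name matching (the real tool resolves names via /etc/services) are my own assumptions.

```shell
#!/bin/sh
# Added example: check SuSEfirewall2-style settings for internal-zone access.
# Assumes the FW_AUTOPROTECT_SERVICES / FW_SERVICES_INT_TCP syntax quoted above.

# Constructed sample config (what the asker's box would need for Apache on www).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat >"$SAMPLE_CONF" <<'EOF'
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_INT_TCP="www 22 3200:3299"
FW_SERVICES_INT_UDP="syslog"
EOF

# fw_get VAR FILE -> prints the quoted value of VAR (commented lines ignored,
# last uncommented assignment wins, as the shell would read the file).
fw_get() {
    sed -n "s/^[[:space:]]*$1=\"\(.*\)\"[[:space:]]*$/\1/p" "$2" | tail -n 1
}

# fw_int_allows_tcp SERVICE FILE -> exit 0 if SERVICE (port name or number)
# is listed in FW_SERVICES_INT_TCP, as a token or inside a "lo:hi" range.
# Names are compared literally here; "www" and "80" are different tokens.
fw_int_allows_tcp() {
    svc=$1; conf=$2
    # With autoprotect off, this list does not block anything on the firewall.
    [ "$(fw_get FW_AUTOPROTECT_SERVICES "$conf")" = "no" ] && return 0
    for tok in $(fw_get FW_SERVICES_INT_TCP "$conf"); do
        [ "$tok" = "$svc" ] && return 0
        case $tok in
            *:*)  # port range; only meaningful when SERVICE is numeric
                case $svc in *[!0-9]*|'') continue ;; esac
                lo=${tok%%:*}; hi=${tok##*:}
                [ "$svc" -ge "$lo" ] && [ "$svc" -le "$hi" ] && return 0 ;;
        esac
    done
    return 1
}

# Usage against the constructed sample:
for s in www 22 3250 smtp; do
    if fw_int_allows_tcp "$s" "$SAMPLE_CONF"; then
        echo "$s: allowed from the internal zone"
    else
        echo "$s: blocked (add it to FW_SERVICES_INT_TCP)"
    fi
done
```

Point it at /etc/sysconfig/SuSEfirewall2 instead of the sample to check a real box; remember SuSEfirewall2 must be restarted after editing the file.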
Hi,

What do the log files say when you try to connect? Try 'tail -f /var/log/messages' as root and see what they say. Also, are you sure the Apache web server is running? Try '/etc/init.d/apache status' and find out.

Rgds
Andy

On Monday 28 July 2003 17:10, edvega@racsa.co.cr wrote:
> Hi guys... I have a SuSE 8.0 box acting as a firewall (with 2 NICs)... it also has an Apache web server installed, and my problem is that none of my internal PCs can reach any service on the firewall box.
> I set up the firewall rules using YaST, and even set it not to protect the firewall from the internal network...
> Any clue how to set up or modify that box in order to allow internal traffic to legitimate services provided by the firewall on my internal network?
> Thanks!!
> bye
> --ed
participants (3): Andy Bennett, edvega@racsa.co.cr, Ray Leach