DHCLIENT, masquerading and firewall
Hi SuSE Security,

I'm new to this list. Due to Excite at home shutting down, I had to make some changes to my firewall config. I used to have a static IP and everything worked great, but now I have a dynamic IP assigned via DHCP. Behind my SuSE 7.1 machine, I'm running a LAN that uses masquerading through the SuSE machine.

I'm getting my DHCP offer just fine, and have full access to the Internet from my SuSE machine, but I cannot access the Internet from any machine behind the SuSE machine. I've tweaked everything I can in /etc/rc.config.d/firewall.rc.config and restarted my firewall many times. Any ideas? I'm running kernel 2.4.2, if it makes a difference?? Thanks in advance!

-- Ryan

Here is my firewall config:

FW_DEV_WORLD="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="10.10.55.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD"            # e.g. "ippp0" or "$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"   # "yes" is a good choice
FW_SERVICES_EXTERNAL_TCP="20 21 22 80 8080 6346"   # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="20 21 "      # Common: domain
FW_SERVICES_EXTERNAL_IP=""             # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_DMZ_TCP=""                 # Common: smtp domain
FW_SERVICES_DMZ_UDP=""                 # Common: domain syslog
FW_SERVICES_DMZ_IP=""                  # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INTERNAL_TCP=""            # Common: ssh smtp domain
FW_SERVICES_INTERNAL_UDP=""            # Common: domain syslog
FW_SERVICES_INTERNAL_IP=""             # For VPN/Routing which END at the firewall!!
FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP=""             # Common: ssh
FW_SERVICES_TRUSTED_UDP=""             # Common: syslog time ntp
FW_SERVICES_TRUSTED_IP=""              # For VPN/Routing which END at the firewall!!
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"  # Common: "ftp-data" (sadly!)
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"  # Common: "DNS" or "domain ntp"
FW_SERVICE_DNS="no"                    # if yes, FW_SERVICES_*_TCP needs to have port 53
                                       # (or "domain") set to allow incoming queries.
                                       # also FW_ALLOW_INCOMING_HIGHPORTS_UDP needs to be "yes"
FW_SERVICE_DHCLIENT="yes"              # if you use dhclient to get an ip address
                                       # you have to set this to "yes" !
FW_SERVICE_DHCPD="no"                  # set to "yes" if this server is a DHCP server
FW_SERVICE_SAMBA="no"                  # set to "yes" if this server uses samba as client
                                       # or server. As a server, you still have to set
                                       # FW_SERVICES_{WORLD,DMZ,INT}_TCP="139"
                                       # Everyone may send you udp 137/138 packets if set
                                       # to yes! (samba on the firewall is not a good idea!)
FW_FORWARD_TCP=""                      # Beware to use this!
FW_FORWARD_UDP=""                      # Beware to use this!
FW_FORWARD_IP=""                       # Beware to use this!
FW_FORWARD_MASQ_TCP=""                 # Beware to use this!
FW_FORWARD_MASQ_UDP=""                 # Beware to use this!
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
##
# END of rc.firewall
##
#-------------------------------------------------------------------------#
#                                                                         #
# EXPERT OPTIONS - all others please don't change these!                  #
#                                                                         #
#-------------------------------------------------------------------------#
#
#
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive"
#FW_CUSTOMRULES="/etc/rc.config.d/firewall-custom.rc.config"
On Sun, Dec 02, 2001 at 04:14:47PM -0800, Ryan Allen wrote:
> Hi SuSE Security,
>
> I'm new to this list. Due to Excite at home shutting down, I had to make some changes to my firewall config. I used to have a static IP and everything worked great, but now I have a dynamic IP assigned via DHCP. Behind my SuSE 7.1 machine, I'm running a LAN that uses masquerading through the SuSE machine.
>
> I'm getting my DHCP offer just fine, and have full access to the Internet from my SuSE machine, but I cannot access the Internet from any machine behind the SuSE machine. I've tweaked everything I can in /etc/rc.config.d/firewall.rc.config and restarted my firewall many times. Any ideas?
Do you have the following enabled in /etc/rc.config:

#
# Runtime-configurable parameter: forward IP packets.
# Is this host a router? (yes/no)
#
IP_FORWARD="yes"

I believe it is set to "no" by default. You will next need to reboot or run the following command (as root):

echo "1" > /proc/sys/net/ipv4/ip_forward

--
____________________________________________________________________
Robert Paulsen paulsen@texas.net
Fixed. This really wasn't a firewall or a masquerading problem at all. AT&T changed their name servers, and I didn't. Simple as that. Thanks Robert for your suggestion (yes, I had IP forwarding turned on ;) and sorry to bother this list!!

-- Ryan

* Robert C. Paulsen Jr. <paulsen@texas.net> wrote on [12-02-01y 16:27]:
> On Sun, Dec 02, 2001 at 04:14:47PM -0800, Ryan Allen wrote:
> > Hi SuSE Security,
> >
> > I'm new to this list. Due to Excite at home shutting down, I had to make some changes to my firewall config. I used to have a static IP and everything worked great, but now I have a dynamic IP assigned via DHCP. Behind my SuSE 7.1 machine, I'm running a LAN that uses masquerading through the SuSE machine.
> >
> > I'm getting my DHCP offer just fine, and have full access to the Internet from my SuSE machine, but I cannot access the Internet from any machine behind the SuSE machine. I've tweaked everything I can in /etc/rc.config.d/firewall.rc.config and restarted my firewall many times. Any ideas?
>
> Do you have the following enabled in /etc/rc.config:
>
> #
> # Runtime-configurable parameter: forward IP packets.
> # Is this host a router? (yes/no)
> #
> IP_FORWARD="yes"
>
> I believe it is set to "no" by default. You will next need to reboot or run the following command (as root):
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> --
> ____________________________________________________________________
> Robert Paulsen paulsen@texas.net
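The thread above touches three separate things that can stop a LAN behind a Linux masquerading gateway from reaching the Internet while the gateway itself stays online: kernel IP forwarding (Robert's suggestion), the routing/masquerading switches in the SuSEfirewall config (Ryan's first suspect), and stale name servers after an ISP change (the actual cause). The script below is an added example written for this page, not code from the thread or from SuSE; it only assumes the FW_* variable names already shown in Ryan's config and the `VAR="value"` line format of that file, and the sample files it builds at the bottom (addresses from the 192.0.2.0/24 documentation range, a constructed firewall snippet) are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the thread: a checklist for the three things
# that can break masquerading from the LAN behind a Linux gateway like the one
# described above. Every check takes a file path so it can be run against the
# real system files on the gateway or against constructed files, as at the end.

# 1. Kernel IP forwarding: returns 0 when the sysctl file holds "1".
#    On the gateway: ip_forward_enabled /proc/sys/net/ipv4/ip_forward
ip_forward_enabled() {
    [ -r "$1" ] || return 1
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Print the value of one FW_* variable from a firewall.rc.config-style file
# (assumed VAR="value" form), without the quotes. Prints nothing if unset.
fw_value() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# 2. Firewall config: returns 0 when routing and masquerading are both enabled
#    and a LAN network is listed; otherwise names the first missing piece.
masq_config_ok() {
    [ "$(fw_value "$1" FW_ROUTE)" = "yes" ]      || { echo "FW_ROUTE is not \"yes\""; return 1; }
    [ "$(fw_value "$1" FW_MASQUERADE)" = "yes" ] || { echo "FW_MASQUERADE is not \"yes\""; return 1; }
    [ -n "$(fw_value "$1" FW_MASQ_NETS)" ]        || { echo "FW_MASQ_NETS is empty"; return 1; }
}

# 3. Name servers: print the nameserver addresses from a resolv.conf file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Live variant of 3: returns 0 only when every listed name server answers one
# ping within a second (stale entries left over from an old ISP fail here);
# returns 2 when ping is not installed. Run on the gateway as
#   nameservers_reachable /etc/resolv.conf
nameservers_reachable() {
    command -v ping >/dev/null 2>&1 || return 2
    rc=0
    for ns in $(resolv_nameservers "$1"); do
        ping -c 1 -W 1 "$ns" >/dev/null 2>&1 || { echo "nameserver $ns does not answer"; rc=1; }
    done
    return $rc
}

# --- constructed sample files (not taken from any real gateway) -------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

SAMPLE_FWD="$SAMPLE_DIR/ip_forward"
echo 1 > "$SAMPLE_FWD"

SAMPLE_RESOLV="$SAMPLE_DIR/resolv.conf"
printf 'search lan.example\nnameserver 192.0.2.53\nnameserver 192.0.2.54\n' > "$SAMPLE_RESOLV"

SAMPLE_CFG_GOOD="$SAMPLE_DIR/firewall.good"
cat > "$SAMPLE_CFG_GOOD" <<'EOF'
FW_DEV_WORLD="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="10.10.55.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD"        # e.g. "ippp0" or "$FW_DEV_WORLD"
EOF

# The same file with routing switched off: the LAN loses Internet access
# even though the gateway itself can still reach everything.
SAMPLE_CFG_BAD="$SAMPLE_DIR/firewall.bad"
sed 's/^FW_ROUTE="yes"/FW_ROUTE="no"/' "$SAMPLE_CFG_GOOD" > "$SAMPLE_CFG_BAD"

if ip_forward_enabled "$SAMPLE_FWD"; then echo "sample: ip_forward is on"; fi
if masq_config_ok "$SAMPLE_CFG_GOOD"; then echo "sample: good config passes"; fi
if masq_config_ok "$SAMPLE_CFG_BAD"; then :; else echo "sample: bad config rejected"; fi
echo "sample name servers: $(resolv_nameservers "$SAMPLE_RESOLV" | tr '\n' ' ')"
```

The point of separating the checks is the one this thread illustrates: a gateway that resolves and browses fine proves nothing about the LAN behind it, so each of forwarding, the masquerading rules and the name servers the LAN clients are handed has to be confirmed on its own. The parser is deliberately minimal; it only reads `VAR="value"` lines and does not expand references such as `$FW_DEV_WORLD`.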