Hi all I'm using suse 9.0 as a mail and Proxy server with susefirewall2 in my Office. I have a win2003 server behind of firewall in my internal lan and I want to connect it from home by using vpn connection. Without susefirewall2 I could connect to win2003 server with iptables commands as shown below By the way I use adsl for the internet Win2003 server ip = 192.168.0.111 Linux server ext eth (connected to the adsl router) = eth2 Linux server internal ip = 192.168.0.5 /sbin/iptables -N pptp /sbin/iptables -A pptp -p tcp --destination-port 1723 --dst 192.168.0.111 -j ACCEPT /sbin/iptables -A pptp -p 47 --dst 192.168.0.111 -j ACCEPT /sbin/iptables -I FORWARD -j pptp /sbin/iptables -t nat -N pptp /sbin/iptables -t nat -A pptp -i eth2 -p tcp --dport 1723 -j DNAT --to 192.168.0.111:1723 /sbin/iptables -t nat -A pptp -i eth2 -p 47 -j DNAT --to 192.168.0.111 /sbin/iptables -t nat -A PREROUTING -j pptp Although I changed the parameters in /etc/sysconfig/SuSefirewall2 file listed below, I couldn't make any connection to win2003 server. FW_DEV_EXT="eth2" FW_DEV_INT="eth0 eth1" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS="192.168.0.0/24" FW_SERVICES_EXT_TCP="ftp 80 smtp ssh 1723" FW_SERVICES_EXT_IP="47" FW_FORWARD_MASQ="810/0,192.168.0.111,tcp,1723 0/0,192.168.0.111,udp,1701" Am I missing something ??