I am setting up a network with SUSEfirewall2 and I want to use an FTP server in the DMZ. As FTP I use Proftp. I have a Linux box with 3 interfaces: one for the internal, one for external, and one I want to use for the DMZ. I can't get it to work. By the way, I want internal to connect to FTP too.

Thanks for helping
Lars Christiansen

The firewall
INTERNAL = 192.168.2.0/24
DMZ 10.0.2.1 (FTP-server)

FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ="eth2"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="eth0"
FW_MASQ_NETS="192.168.2.0/24"
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ftp domain"
FW_SERVICES_EXT_UDP="domain"
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP="ftp domain"
FW_SERVICES_DMZ_UDP="domain syslog"
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="www ftp domain"
FW_SERVICES_INT_UDP="domain"
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS="192.168.2.0/24 10.0.2.0/24"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="yes"
FW_SERVICE_DHCPD=""
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD="192.168.2.0/24,10.0.2.1,tcp,21"
FW_FORWARD_MASQ="0/0,10.0.2.1,tcp,21"
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"

Hi,

try those settings:

FW_MASQ_NETS="192.168.2.0/24, 10.0.2.0/24"
FW_KERNEL_SECURITY="no"

It might help if you could explain what exactly doesn't work, i.e. which connections (origin, destination, port, etc.).

Robert
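
The question of which connections (origin, destination, port) are covered can be read off the forwarding entries in the posted config. The following is an added example, not part of either message and not SuSEfirewall2 code: it expands FW_FORWARD and FW_FORWARD_MASQ into flows and checks sample connections against them. It assumes the four-field entry form used in the post (source, destination, protocol, port); the function names, the client addresses and port 50000 are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed input: the forwarding variables copied from the config posted above.
SAMPLE = '''
FW_FORWARD="192.168.2.0/24,10.0.2.1,tcp,21"
FW_FORWARD_MASQ="0/0,10.0.2.1,tcp,21"
FW_REDIRECT=""
'''

def parse_sysconfig(text):
    """Return {NAME: value} for the NAME="value" lines of a sysconfig file."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        words = shlex.split(raw)          # strips the shell quoting
        conf[name] = words[0] if words else ""
    return conf

def forward_rules(conf):
    """Expand both variables into (variable, source net, destination net, proto, port)."""
    rules = []
    for var in ("FW_FORWARD", "FW_FORWARD_MASQ"):
        for entry in conf.get(var, "").split():
            # Assumption: the four-field form used in the post.
            src, dst, proto, port = entry.split(",")[:4]
            src = "0.0.0.0/0" if src == "0/0" else src   # ipaddress rejects the short form
            rules.append((var, ipaddress.ip_network(src),
                          ipaddress.ip_network(dst), proto, int(port)))
    return rules

def matching_rules(rules, src, dst, proto, port):
    """Names of the variables whose entry names this flow explicitly."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [var for var, snet, dnet, p, prt in rules
            if s in snet and d in dnet and p == proto and prt == port]

if __name__ == "__main__":
    rules = forward_rules(parse_sysconfig(SAMPLE))
    # Constructed client addresses: one internal host, one external (TEST-NET-3) host.
    for flow in [("192.168.2.10", "10.0.2.1", "tcp", 21),      # internal, FTP control
                 ("203.0.113.5", "10.0.2.1", "tcp", 21),       # external, FTP control
                 ("192.168.2.10", "10.0.2.1", "tcp", 50000),   # passive-mode data port
                 ("203.0.113.5", "10.0.2.1", "tcp", 50000)]:
        print(flow, "->", matching_rules(rules, *flow) or "not named by any entry")
```

Both entries name only the FTP control connection on port 21; the data connection, on port 20 in active mode or a server-chosen high port in passive mode, is not named by either, so a report of what fails should say whether login or the transfer is the step that breaks.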

participants (2)
- Lars Christiansen
- Robert Klein