The following is what I want to use for the Internet topology:
I'm snipping your ASCII art for brevity.
Internet
  -- eth0 62.153.xxx.190/255.255.255.192 (= /26)
Router outside
  [DMZ: 62.153.xxx.134/255.255.255.224 (= /27)]
Router inside/Firewall
  eth0 (local LAN) 192.168.2.29
It's only an idea of mine. Is it possible to set up the DMZ like this? I have an IP range of 64 addresses (network 62.153.xxx.128/255.255.255.192).
OK, you've got an official 26-bit network. You can subnet that into two 27-bit networks, yes. However, you should apply that mask to the outside interface as well and have your ISP modify his interface accordingly and add a route to the DMZ subnet, pointing at your router. This is the most straightforward and hard-to-mess-up solution.

Alternatively you can fake the non-existence of your DMZ by mucking around with Linux' IP capabilities. The two alternatives I can think of right now are proxy ARP and a combination of IP aliasing, IP masquerading and port forwarding. Proxy ARP is the less dirty of the two; it makes your outside router answer ARP requests for the machines in the DMZ, and it is thereby addressed by machines in the network between it and your ISP's router. See http://www.linuxdoc.org/HOWTO/mini/Proxy-ARP-Subnet/index.html for details. The other possibility is to add the DMZ servers' IP addresses to the exterior router's eth0 interface with IP aliasing and to use RFC1918 addresses in the DMZ. Using port forwarding, you can redirect traffic from the router to the DMZ and masquerade the return traffic.

Both of these alternatives are hacks, more or less, to circumvent the need for your ISP to do anything or, in fact, notice any change. However, they are administratively much more complicated. It's your call.
Outside of the DMZ there are more WWW servers; only one of these should be in the DMZ, because some special software is running on this host.
Why shouldn't all of your public servers go into a DMZ? I'd probably advise you to get an additional 30-bit or 29-bit subnet from your ISP to place the exterior router and the ISP's router in and use your 26-bit network in one or more DMZs.
If I try it like this, I have problems with the routing: the DMZ is pingable from the "Router outside", but I can't reach the Internet from this router.
Hmm, your routing is probably mucked up.
Perhaps some people can help me set up the routing correctly and perhaps could tell (explain to) me the mistakes I make!
The following should work on the exterior router:

  /sbin/route add -net 62.153.xxx.128 netmask 255.255.255.224 dev eth1
  /sbin/route add -net 62.153.xxx.128 netmask 255.255.255.192 dev eth0

You need to add both routes to the machines in front of the exterior router as well as in the DMZ for routing between these networks to function. These need to specify the exterior router as the gateway to use, of course.

HTH,
Tobias
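Added example, not part of the thread or of Tobias's reply: a small POSIX shell script that does the subnet arithmetic behind the advice above (splitting the /26 into two /27s, turning prefix lengths into the dotted netmasks the route commands need) and mimics the kernel's longest-prefix-match, so you can check where the exterior router would send a given address before touching the real routing table. It uses the RFC 5737 documentation range 192.0.2.128/26 in place of 62.153.xxx.128/26 (the real third octet is not given in the thread), and assumes eth0 faces the ISP and eth1 the DMZ, as in the two route lines above. The route commands are printed, not executed.

```shell
#!/bin/sh
# Added example: subnet arithmetic and a route-lookup check for the
# "/26 split into two /27s" layout discussed in the thread. Not code from
# the thread. Assumptions: 192.0.2.128/26 (RFC 5737 documentation range)
# stands in for 62.153.xxx.128/26; eth0 faces the ISP, eth1 the DMZ.

# Dotted quad -> 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length -> integer netmask (26 -> 0xFFFFFFC0).
prefix2mask() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Prefix length -> dotted netmask (27 -> 255.255.255.224).
prefix2dotted() {
    int2ip "$(prefix2mask "$1")"
}

# Split NETWORK PREFIX into its two equal halves, printed as
# "a.b.c.d/p+1 e.f.g.h/p+1". For 192.0.2.128 26 these are the two /27s:
# .128-.159 (used here as the DMZ) and .160-.191 (where the outside
# interface's .190 lives).
split_subnet() {
    net=$(( $(ip2int "$1") & $(prefix2mask "$2") ))
    child=$(( $2 + 1 ))
    size=$(( 1 << (32 - child) ))
    echo "$(int2ip "$net")/$child $(int2ip $(( net + size )))/$child"
}

# Succeed (exit 0) if IP lies inside NETWORK PREFIX.
in_subnet() {
    m=$(prefix2mask "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# Routing table of the exterior router, mirroring Tobias's two route lines:
# the DMZ /27 on eth1, the whole /26 on eth0 (towards the ISP's router).
# Entries are "network/prefix:device".
ROUTES="192.0.2.128/27:eth1 192.0.2.128/26:eth0"

# Longest-prefix-match lookup: print the device the kernel would choose for
# DST, or "none". This is why the overlapping /27 and /26 routes coexist:
# a DMZ host (.128-.159) matches both, and the more specific /27 wins;
# .160-.191 matches only the /26 and goes out eth0.
lookup_route() {
    best_len=-1; best_dev=none
    for r in $ROUTES; do
        cidr=${r%:*}; dev=${r#*:}
        net=${cidr%/*}; len=${cidr#*/}
        if in_subnet "$1" "$net" "$len" && [ "$len" -gt "$best_len" ]; then
            best_len=$len; best_dev=$dev
        fi
    done
    echo "$best_dev"
}

# Render ROUTES as the /sbin/route commands for the exterior router.
router_route_commands() {
    for r in $ROUTES; do
        cidr=${r%:*}; dev=${r#*:}
        echo "/sbin/route add -net ${cidr%/*} netmask $(prefix2dotted "${cidr#*/}") dev $dev"
    done
}

# Demo: the split, the commands, and where sample addresses would be sent.
echo "halves of 192.0.2.128/26: $(split_subnet 192.0.2.128 26)"
router_route_commands
for ip in 192.0.2.134 192.0.2.190 192.0.2.5; do
    echo "$ip -> $(lookup_route "$ip")"
done
```

Run it with plain sh. If lookup_route sends your DMZ server's address out eth0 instead of eth1, or the ISP-side address of the outside interface out eth1, the netmasks in the two route lines are wrong, which is the first thing to check when the DMZ pings but the Internet is unreachable from the exterior router.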