I'm using SuSE 6.2 with the firewall package version 2.2 and decided to set up a firewall to protect our servers because of the growing number of port scans and attacks showing up in my logs. I'm totally new to that whole thing and I just don't get what's wrong.

I've got an internal net (192.168.0.0/24) and an external net (*.*.*.128/28); they are connected through masquerading (works fine). The thing I'm trying to do is to set up another box protecting the external net. The problem is that I've got a router (*.*.*.129) sitting in that external net which is handling the connections to the internet, so I have to let all the traffic of the router pass through the firewall. According to the documentation it should be no problem, as it is exactly the thing mentioned at the end of it.

So I set up a test network with 3 PCs that resembles the real network the firewall is supposed to protect:

I'M NOT FIREWALLING ANY PORTS

NET-MASK: 255.255.255.240

*.*.*.129 (router)
    |
    |
*.*.*.130 (eth1 on the firewall)
*.*.*.131 (eth0 on the firewall)
    |
    |
*.*.*.132 (a www-server, gateway set to *.*.*.131)

IP_FORWARDING is enabled.

Everything is running fine. The www-server is able to ping the firewall (both devices), but it is not able to ping the router, nor is the firewall, and all packets coming from the router are dropped due to the spoof-protection.

Now I set FW_ROUTER in rc.config to *.*.*.129. I thought that from now on I should be able to ping the router from the www-server (or was I wrong?) or from the firewall. But when I started a ping from the firewall or the www-server they don't get any reply. Now when I start a ping from the router to the firewall or the www-server they also don't return, but I get a log entry that the packets have been accepted.

Please help me, because I've got no idea what I'm doing wrong.
participants (1)
-
Jochen Mader