My apologies if this is not the right place to ask for help with regards to SuSEfirewall2, in which case please point me in the right direction. I'm running an out-of-box install of SuSE 7.3, kernel 2.4.10 and using Marc Heuse's SuSEfirewall2 script. I've gone through the examples and readme and everything works fine except for port forwarding. My scenario: Internet ------ Firewall ------- LAN | DMZ I'm running a DNS server on a private ip address in my DMZ and I need the firewall to automatically forward all requests to tcp + udp 53 to my DNS server, which is 192.168.1.2. I've set up the following in firewall.rc.config: FW_FORWARD_MASQ="0/0,192.168.1.2,tcp,53 0/0,192.168.1.2,udp,53" FW_SERVICE_DNS="yes" FW_SERVICES_EXT_TCP="53" <---- curious, are these necessary? I assume so because if port 53 isn't open the firewall will drop the packet before port forwarding FW_SERVICES_EXT_UDP="53" I don't think it is a BIND9 problem because I can successfully contact and resolve names from both my DMZ and my LAN (using the private IP address). I just can't get the internet to see my DNS server. Also, do I need to have inetd running at all? Luke Loh Network Engineer Nicholls Price Pty Ltd Ph : 61 2 9222 9155 Fx : 61 2 9222 9166 www.nph.com.au Level 1, 70 Pitt Street Sydney NSW 2000