SuSEfirewall config with pptpd help
Hi All,

I have a question regarding the configuration of a SuSEfirewall running pptpd (VPN server). This is our current configuration:

                      --------------
--public static IP()--| SuSE Linux |--eth1(192.168.1.1/24)--|
                      --------------                        |
                                                       ----------
                                                       | Switch |
                                                       ----------
    -------------                                         | | |
    | Solaris A |--eth0(192.168.1.2/24)-------------------| | |
    -------------                                           | |
    -------------                                           | |
    | Solaris B |--eth0(192.168.1.3/24)---------------------| |
    -------------                                             |
    -----------------                                         |
    | DHCP machines |--eth0(192.168.1.X/24)-------------------|
    -----------------

The SuSE Linux machine is running the firewall software (SuSEfirewall) as well as working as a masq server for the internal machines behind the firewall.

I'd like to be able to handle incoming requests to the firewall from Windows clients (or Linux clients running pptp). The key is to provide access to Solaris machine A, but I'd like to be able to see all machines on the 192.168.1.0 subnet.

I have the pptpd package working and I have the correct ports open on the firewall to handle VPN connections. My question, though, is how to assign IP addresses on the ppp connections that are set up when a VPN connection is active. Should both ends be part of 192.168.1.0 or something else?

Second question is how to enable forwarding of the packets on the pppX device to the internal network. I can get traffic through if I enable all ports in the firewall for TCP_FORWARD and UDP_FORWARD, but I don't understand how to distinguish between packets from the ppp0 device that should be forwarded to eth1 compared to packets from eth0 from the same address (in this case 192.168.3.1) that I definitely don't want forwarded inside the firewall.

Any help appreciated.

Thanks
Daniel Nilsson