SuSEfirewall2 masqueraded server
Hello,

These last days I've been changing the settings of my SuSE Linux Standard Server 8.0 firewall (SuSEfirewall2) but I can't get it to run OK. This machine has been running as firewall/proxy server for some months without problems, but now we need to have a masqueraded server behind it and I can't get it to work. I've visited a lot of web pages and read "SuSE Firewall2 Understanding and Using" by Togan Muftuoglu, but I can't see where the problem is. I'm sure it's a silly thing but my eyes can't see it, so I hope your eyes can help me. I'm sending you a schema of the network, the SuSEfirewall2 config file, and the log I get.

Thanks in advance,
Rubén Díez

-------------------------------------------- Description ----------------------------------------

I need to see from the external network the Tomcat service (192.168.5.2:8080) as a masqueraded service of the firewall (192.168.2.2:8080). I can see the Tomcat service from the internal network and from the firewall, but I can't see it from the external network.

Notes:
- The firewall acts as HTTP and HTTPS server and I can see these services from the external network, so I'm only having problems with the masqueraded services.
- The internal network machines have access to the external network through the firewall without problems (HTTP requests are managed by a transparent proxy server).
--------------------------------------- Network schema ---------------------------------------

External Net (192.168.2.0/24)
          |
    eth1 (192.168.2.2)
        FIREWALL
    eth0 (192.168.5.1)
          |
Internal Net (192.168.5.0/24)
          |
Tomcat Server (192.168.5.2)

-------------------------------- /etc/sysconfig/SuSEfirewall2 ------------------------------

FW_QUICKMODE="no"
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.5.0/24"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="http https pop3 smtp"
FW_SERVICES_EXT_UDP="500"
FW_SERVICES_EXT_IP="50"
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="no"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="auto"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="yes"
FW_FORWARD=""
FW_FORWARD_MASQ="192.168.2.0/24,192.168.5.2,8080"
FW_REDIRECT="192.168.5.0/255.255.255.0,0/0,tcp,80,3128"   # This is for the transparent Squid proxy server
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_REJECT="no"

------------------------------------- End of file /etc/sysconfig/SuSEfirewall2 -------------------------------------

------------------------------------------ Log file ------------------------------------------

Jul 22 11:01:18 servabello05 kernel: SuSE-FW-DROP IN=eth1 OUT= MAC=00:0d:9d:97:e5:16:00:0c:76:81:e7:f1:08:00 SRC=192.168.2.140 DST=192.168.2.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=648 DF PROTO=TCP SPT=32820 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A002BA8D70000000001030300)
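As an added example (not part of the original post and not SuSEfirewall2's own code), here is a small Python checker that validates FW_FORWARD_MASQ entries and reads a SuSE-FW-DROP line the way netfilter emits it. It assumes the entry layout `<source net>,<ip to forward to>,<protocol>,<port>[,<redirect port>[,<destination ip>]]` that the comments in SuSEfirewall2's config file document for FW_FORWARD_MASQ; verify that against the copy shipped with your version before relying on it. The function names are my own, and the config excerpt and log line are copied from the post above.

```python
"""Check FW_FORWARD_MASQ entries and classify a SuSE-FW-DROP log line.

Assumed FW_FORWARD_MASQ layout (from SuSEfirewall2's config comments):
    <source net>,<ip to forward to>,<protocol>,<port>[,<redirect port>[,<destination ip>]]
"""
import ipaddress
import re

# Constructed excerpt of the poster's config, reduced to the keys used here.
SAMPLE_CONFIG = '''
FW_DEV_EXT="eth1"
FW_FORWARD_MASQ="192.168.2.0/24,192.168.5.2,8080"
FW_REDIRECT="192.168.5.0/255.255.255.0,0/0,tcp,80,3128"
'''

# Copy of the log line from the post, joined onto one line.
SAMPLE_LOG = ("Jul 22 11:01:18 servabello05 kernel: SuSE-FW-DROP IN=eth1 OUT= "
              "MAC=00:0d:9d:97:e5:16:00:0c:76:81:e7:f1:08:00 SRC=192.168.2.140 "
              "DST=192.168.2.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=648 DF PROTO=TCP "
              "SPT=32820 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0")


def parse_config(text):
    """Return {KEY: value} for FW_*="value" lines; comments and blanks are ignored."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'^\s*(FW_[A-Z_]+)="([^"]*)"', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def _is_port(value):
    return value.isdigit() and 1 <= int(value) <= 65535


def validate_forward_masq(entry):
    """Return the list of problems in one FW_FORWARD_MASQ entry ([] if well-formed)."""
    fields = entry.split(",")
    if not 4 <= len(fields) <= 6:
        return [f"expected 4 to 6 comma-separated fields, got {len(fields)}"]
    src, dst, proto, port = fields[:4]
    problems = []
    # SuSEfirewall2 writes "0/0" for "any network"; ipaddress wants the long form.
    try:
        ipaddress.ip_network("0.0.0.0/0" if src == "0/0" else src, strict=False)
    except ValueError:
        problems.append(f"source network {src!r} is not a valid network")
    try:
        ipaddress.ip_address(dst)
    except ValueError:
        problems.append(f"forward target {dst!r} is not a valid IP address")
    if proto.lower() not in ("tcp", "udp"):
        problems.append(f"protocol {proto!r} must be tcp or udp")
    if not _is_port(port):
        problems.append(f"port {port!r} is not a port number")
    if len(fields) >= 5 and not _is_port(fields[4]):
        problems.append(f"redirect port {fields[4]!r} is not a port number")
    if len(fields) == 6:
        try:
            ipaddress.ip_address(fields[5])
        except ValueError:
            problems.append(f"destination ip {fields[5]!r} is not a valid IP address")
    return problems


def parse_log(line):
    """Extract the KEY=VALUE fields of a netfilter LOG line into a dict."""
    return dict(re.findall(r'\b([A-Z]+)=(\S*)', line))


def classify_drop(log, conf):
    """Say where a SuSE-FW-DROP packet was dropped relative to the forward rules.

    Netfilter LOG semantics: an empty OUT= means the packet was in the INPUT chain,
    i.e. it was still addressed to the firewall itself, so no DNAT was applied to it.
    A DNATed packet would instead show OUT=<internal device> and DST=<forward target>.
    """
    f = parse_log(log)
    if f.get("IN") != conf.get("FW_DEV_EXT"):
        return "not a packet arriving on FW_DEV_EXT"
    if f.get("OUT", ""):
        return f"FORWARD chain: DNAT already rewrote DST to {f.get('DST')}, forwarding itself was refused"
    dport = f.get("DPT")
    covering = [e for e in conf.get("FW_FORWARD_MASQ", "").split()
                if not validate_forward_masq(e) and e.split(",")[3] == dport]
    if covering:
        return f"INPUT chain although entry {covering[0]!r} should DNAT {f.get('PROTO')}/{dport}"
    return (f"INPUT chain: no well-formed FW_FORWARD_MASQ entry covers {f.get('PROTO')}/{dport}, "
            "so the packet was treated as a connection to the firewall itself and dropped")


if __name__ == "__main__":
    conf = parse_config(SAMPLE_CONFIG)
    for entry in conf.get("FW_FORWARD_MASQ", "").split():
        print(entry, "->", validate_forward_masq(entry) or "ok")
    print(classify_drop(SAMPLE_LOG, conf))
```

Run against the excerpt above, the checker reports each FW_FORWARD_MASQ entry that does not fit the assumed field layout and, from `OUT=` being empty and `DST=` being the firewall's own external address, tells you the logged SYN never reached the FORWARD chain; that is the first thing to confirm before looking at FW_ROUTE or the forward rules themselves.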
Participants (1): Rubén Díez Álvarez - LCD