Hi, I opened all highport, but still the zone cannot transfer. I used Bind9 and my named.conf is very standard, and I put the allow-transfer on global options. Do you have other suggestion? Kind Regards, M. Edwin -----Original Message----- From: Knut Erik Hauslo [mailto:KNUTH@voelcker.com] Sent: Wednesday, July 23, 2003 3:48 PM To: Moh Edwin Cc: suse-security@suse.com Subject: RE: [suse-security] SuSE firewall2 configuration for zone transfer Correct, you need to open Highports_TCP too. However, I did encounter some problems when using FW_ALLOW_INCOMIN_HIGHPORTS_TCP="ftp-data" so i changed ftp-data to yes. Cheers, Knut Erik -----Original Message----- From: M. Edwin [mailto:edwin@nsi.co.id] Sent: Wednesday, July 23, 2003 9:10 AM To: Knut Erik Hauslo Cc: suse-security@suse.com Subject: RE: [suse-security] SuSE firewall2 configuration for zone transfer It means I also have to open highport TCP and TCP 53, right? My current firewall setting for TCP high port is FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" regards, Edwin