Re: [suse-security] SuSE Firewall
# 2.)
# Which is the interface that points to the internet?
# FW_DEV_WORLD="eth1"
Are you directly connected to the DSL-Modem? Then try "ppp0".
FW_MASQ_NETS="192.168.1.0/32"
FW_MASQ_NETS="192.168.1.0/24" sounds better...
# e.g. "ippp0" or ""
FW_MASQ_DEV="eth1"
FW_MASQ_DEV="$FW_DEV_WORLD" is better... because I think it's ppp0...
FW_SERVICES_EXTERNAL_TCP="smtp www ftp"
You REALLY want the Internet to connect to your PC? It's not necessary to connect TO the Internet...
FW_SERVICES_EXTERNAL_UDP="domain"
You REALLY want the Internet to connect to your PC? It's not necessary to connect TO the Internet...
FW_SERVICES_DMZ_TCP="smtp domain"
I think you do not need a DMZ. You haven't configured a DMZ-Device above...
FW_SERVICES_INTERNAL_TCP="smtp domain"
Access to the SMTP- and Nameserver on the firewall-Machine..
FW_SERVICES_INTERNAL_UDP="domain"
# FW_TRUSTED_NETS="192.168.1.0/32"
Normally you don't need it, I think. Leave it blank.
FW_SERVICES_TRUSTED_TCP=""
FW_SERVICES_TRUSTED_UDP=""
FW_SERVICES_TRUSTED_IP=""
No Trusted Services. So you don't need a TrustedNet.
FW_SERVICE_DNS="no"
Above you talk about a Nameserver on the Firewall. So FW_SERVICE_DNS="yes" is better, I think. BTW: I don't know, the above settings for the Nameserver: Must I set FW_SERVICES_INTERNAL_TCP|UDP = "domain" for accessing the DomainNameServer from my ISP? I always set an internal NS...
# Redirect TCP connections
FW_REDIRECT_TCP="80"
What do you want to do? Redirecting to Squid-Proxy-Server on the firewall-Machine?
FW_REDIRECT_TCP="192.168.1.0/24,0/0,80,3128"
Then you have to set FW_SERVICES_INTERNAL_TCP = "3128" IMHO..
FW_ALLOW_PING_FW="no"
FW_ALLOW_PING_FW="yes" for testing...
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_TRACEROUTE="yes" for testing...

That's all for now, it's late...

Regards,
Wilko Heyl

Wilko Heyl
__________________________________________________
heyl@terraconnect.de - www.terraconnect.de
terraconnect GbR - Mauritzstrasse 4 - 48301 Nottuln
Wilko Heyl und Burkhard Frie
Tel: 0251 - 214493 Fax: 0251 - 214492
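The points raised in the message above can be checked mechanically. The following is an added example, not part of the original post or of SuSEfirewall itself: a small linter run over the quoted settings (embedded as a constructed sample). It assumes plain CIDR entries in the `*_NETS` variables, the four-field `FW_REDIRECT_TCP` form shown in the reply, and `FW_DEV_DMZ` as the name of the DMZ device variable, which is not quoted on this page.

```python
import ipaddress
import re

# Constructed sample: the active settings quoted in the message above.
SAMPLE = '''
FW_DEV_WORLD="eth1"
FW_MASQ_NETS="192.168.1.0/32"
FW_MASQ_DEV="eth1"
FW_SERVICES_DMZ_TCP="smtp domain"
FW_SERVICES_INTERNAL_TCP="smtp domain"
FW_REDIRECT_TCP="80"
'''

# Commented-out lines ("# FW_...") do not match and are ignored.
ASSIGN = re.compile(r'^\s*(FW_[A-Z_]+)="([^"]*)"\s*$')

def parse(text):
    """Read KEY="value" lines and expand simple $VAR references."""
    conf = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            conf[m.group(1)] = re.sub(r'\$\{?(\w+)\}?',
                                      lambda v: conf.get(v.group(1), ''), m.group(2))
    return conf

def lint(text):
    """Return findings for the issues discussed in the reply."""
    conf, findings = parse(text), []
    for key in ('FW_MASQ_NETS', 'FW_TRUSTED_NETS'):
        for net in conf.get(key, '').split():
            # A /32 prefix covers exactly one address, so no LAN host matches it.
            if ipaddress.ip_network(net, strict=False).num_addresses == 1:
                findings.append(f'{key}: {net} matches a single address, not a subnet')
    if conf.get('FW_MASQ_DEV') and conf['FW_MASQ_DEV'] != conf.get('FW_DEV_WORLD'):
        findings.append('FW_MASQ_DEV differs from FW_DEV_WORLD')
    dmz = [k for k in conf if k.startswith('FW_SERVICES_DMZ_') and conf[k]]
    if dmz and not conf.get('FW_DEV_DMZ'):  # FW_DEV_DMZ: assumed variable name
        findings.append('DMZ services set but FW_DEV_DMZ is empty')
    for rule in conf.get('FW_REDIRECT_TCP', '').split():
        fields = rule.split(',')
        if len(fields) != 4:
            findings.append(f'FW_REDIRECT_TCP: "{rule}" is not source,destination,port,redirect-port')
        elif fields[3] not in conf.get('FW_SERVICES_INTERNAL_TCP', '').split():
            findings.append(f'FW_REDIRECT_TCP: port {fields[3]} not in FW_SERVICES_INTERNAL_TCP')
    return findings

if __name__ == '__main__':
    for finding in lint(SAMPLE):
        print(finding)
```
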