Hi, folks, I have SuSE Linux server which acts as 2-interface router & firewall with firehol package for firewalling setup. Basically I'm need to make local services running on local PC 192.168.0.16 over the internet (port forwarding). Below is a part of firehol.conf I have tried different things, like "router world2lan inface "${if_world}" outface "${if_lan}" route gv accept dst 192.168.0.16", swapping "route commands" in world2lan configuration, explicitly opening "gv" ports with "server gv accept", etc., nothing worked. Something very simple is missing but I could not figure out waht. Any help is greatly appreciated. Thanks in advance. ------------------------------------------------------- if_world="eth4" if_lan="eth0" intranet_ips="192.168.0.0/16" #transparent_squid 3128 squid inface "${if_lan}" transparent_proxy 80 3128 "squid root bin andrei" inface "${if_lan}" src "${intranet_ips}" # Video surveillance software. client_gv_ports="5548 5549" server_gv_ports="tcp/5548 tcp/5549" nat to-destination 192.168.0.16 inface "${if_world}" proto tcp dport "${client_gv_ports}" interface "${if_lan}" lan src "${intranet_ips}" policy reject # server "dns ftp samba squid dhcp http ssh icmp" accept server all accept client all accept interface "${if_world}" world src not "${intranet_ips} ${UNROUTABLE_IPS}" protection strong 10/sec 10 server "ssh http https ftp dns smtp smtps pop3 pop3s sip" accept server ident reject with tcp-reset client all accept router lan2world inface "${if_lan}" outface "${if_world}" masquerade route all accept router world2lan inface "${if_world}" outface "${if_lan}" route gv accept route ident reject with tcp-reset -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org