I using Suse 9.2 The Firewall ( SuSEfirewall2 ) progran suport custons Masquerade Forward ? need make vpn masquerade if use muy custons very simple firewall script it works example echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 192.168.1.1 -j MASQUERADE iptables -t nat -A PREROUTING -p 47 -j DNAT --to 192.168.1.1 iptables -t nat -A PREROUTING -p tcp --dport 1723 -j DNAT --to 192.168.1.1 but use the SuSEfirewall my variables set FW_MASQ_NETS="192.168.1.1/32" FW_PROTECT_FROM_INTERNAL="no" FW_SERVICES_EXT_TCP="1723" FW_SERVICES_EXT_IP="47" FW_FORWARD_MASQ="0/0,192.168.1.1,tcp,1723" FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in SuSEfirewall-custom put fw_custom_before_masq() { # could also be named "after_port_handling()" # these rules will be loaded after the IP protocol and TCP/UDP port # handling, but before any IP forwarding (routing), masquerading # will be done. # NOTE: reverse masquerading is before directly after # fw_custom_before_port_handling !!!! # You can use this hook to ... hmmm ... I'm sure you'll find a use for # this ... iptables -t nat -A PREROUTING -p 47 -j DNAT --to 192.168.1.1 true } the vpn masquerade no work Jose