[SLE] Firewall 2.0 (SuSE Linux 6.3)
Hi,

can anyone help me with building a packet filter?

I'm trying to install the packet filter Firewall 2.0 (Update series "sec" for SuSE Linux 6.3), but something is still wrong ... I'd like to have zones Internet, DMZ and Private (Intranet). Because I'm only trying it, the Internet zone is in my really private zone at home - this is the net 192.168.1.0. But for the firewall it would be the Internet zone.

I have only these results:
- the masquerading of private net 192.168.100.0 is good
- but nothing in DMZ zone is working. For example: www.

I don't know what I'm doing wrong - see my file firewall.rc.config.

Thank you for your help

Zdenek Hornych
Zdenek.Hornych@brandysnl.cz

/etc/rc.config.d/firewall.rc.config:
=====================================
FW_DEV_WORLD="eth2"
FW_DEV_WORLD_eth2="192.168.1.50 255.255.255.0"
FW_DEV_INT="eth0"
FW_DEV_INT_eth0="192.168.100.1 255.255.255.0"
FW_DEV_DMZ="eth1"
FW_DEV_DMZ_eth1="194.212.204.25 255.255.255.248"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.100.0/24"
FW_MASQ_DEV="$FW_DEV_WORLD"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="no"
# 9) Services on the firewall (access from the Internet, DMZ or Internal):
FW_SERVICES_EXTERNAL_TCP="20 21 22 25 80 110"
FW_SERVICES_EXTERNAL_UDP="514"
FW_SERVICES_DMZ_TCP="20 21 22 25 80 110"
FW_SERVICES_DMZ_UDP="514"
FW_SERVICES_INTERNAL_TCP="20 21 22 25 110"
FW_SERVICES_INTERNAL_UDP="514"
# 10)
FW_TRUSTED_NETS="192.168.1.0/24"
FW_SERVICES_TRUSTED_TCP="20 21 22 25 80 110 137 138"
FW_SERVICES_TRUSTED_UDP="514 137 138"
# 11)
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
# 13) Allowing access to the DMZ or Internal:
#FW_FORWARD_TCP="0/0,194.212.204.26,20 \
# 0/0,194.212.204.26,21 \
# 0/0,194.212.204.26,22 \
# 0/0,194.212.204.26,25 \
# 0/0,194.212.204.26,37 \
# 0/0,194.212.204.26,43 \
# 0/0,194.212.204.26,53 \
# 0/0,194.212.204.26,80 \
# 0/0,194.212.204.26,110 \
# 0/0,194.212.204.26,4559 \
# 0/0,194.212.204.26,901 \
# 0/0,194.212.204.26,3128 \
# 192.168.100.0/24,194.212.204.26,137 \
# 192.168.100.0/24,194.212.204.26,138"
FW_FORWARD_TCP="0/0,194.212.204.26,80"
FW_FORWARD_UDP="0/0,194.212.204.26,80"
#FW_FORWARD_UDP="0/0,194.212.204.26,37 \
# 0/0,194.212.204.26,53 \
# 0/0,194.212.204.26,161 \
# 0/0,194.212.204.26,162 \
# 0/0,194.212.204.26,514 \
# 192.168.100.0/24,194.212.204.26,137 \
# 192.168.100.0/24,194.212.204.26,138"
# 14)
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive "

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/

Zdeněk Hornych wrote:
> can anyone help me with building a packet filter?
>
> I'm trying to install the packet filter Firewall 2.0 (Update series "sec" for SuSE Linux 6.3), but something is still wrong ... I'd like to have zones Internet, DMZ and Private (Intranet). Because I'm only trying it, the Internet zone is in my really private zone at home - this is the net 192.168.1.0. But for the firewall it would be the Internet zone.
>
> I have only these results:
> - the masquerading of private net 192.168.100.0 is good
> - but nothing in DMZ zone is working. For example: www.
>
> I don't know what I'm doing wrong - see my file firewall.rc.config.

Are your routes set correctly for the DMZ machines? Do they point towards your firewall machine? What about the routes on your firewall machine?

The SuSE firewall scripts don't handle routing, AFAIK.

Chris

--
           __   _
  -o)/ /  (_)__  __ ____  __       Chris Reeves
  /\\ /__/ / _ \/ // /\ \/ /       ICQ# 22219005
 _\_v __/_/_//_/\_,_/ /_/\_\
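
The route questions in the reply above can be worked out from the posted configuration. This is an added example, not part of either message and not code from the SuSE firewall package: it reads the FW_DEV_* and FW_FORWARD_TCP values from the thread and lists the routes that neighbouring hosts need for forwarded DMZ traffic. The function names are hypothetical, and a default route on the DMZ host is assumed as the usual way to point it at the firewall.

```python
import ipaddress
import re

# Constructed excerpt of the firewall.rc.config values quoted in the thread.
SAMPLE_CONFIG = '''
FW_DEV_WORLD="eth2"
FW_DEV_WORLD_eth2="192.168.1.50 255.255.255.0"
FW_DEV_INT="eth0"
FW_DEV_INT_eth0="192.168.100.1 255.255.255.0"
FW_DEV_DMZ="eth1"
FW_DEV_DMZ_eth1="194.212.204.25 255.255.255.248"
FW_MASQ_NETS="192.168.100.0/24"
FW_FORWARD_TCP="0/0,194.212.204.26,80"
'''

def parse_config(text):
    """Read KEY="value" lines; lines starting with '#' never match."""
    return dict(re.findall(r'^(\w+)="([^"]*)"', text, re.M))

def zone_iface(cfg, zone):
    """Firewall interface (address plus netmask) for zone WORLD, INT or DMZ."""
    dev = cfg["FW_DEV_" + zone]
    addr, mask = cfg[f"FW_DEV_{zone}_{dev}"].split()
    return ipaddress.ip_interface(f"{addr}/{mask}")

def required_routes(cfg):
    """(where, route) pairs needed for each FW_FORWARD_TCP target."""
    dmz, world = zone_iface(cfg, "DMZ"), zone_iface(cfg, "WORLD")
    masq = [ipaddress.ip_network(n) for n in cfg.get("FW_MASQ_NETS", "").split()]
    routes = []
    # Backslash line continuations inside the value are treated as spaces.
    for rule in cfg.get("FW_FORWARD_TCP", "").replace("\\", " ").split():
        _src, dst, _port = rule.split(",")
        host = ipaddress.ip_address(dst)
        if host not in dmz.network:
            routes.append(("error", f"{host} is outside DMZ net {dmz.network}"))
            continue
        # Replies from the DMZ host must go back through the firewall (assumed default route).
        routes.append((str(host), f"default via {dmz.ip}"))
        # The DMZ net is not masqueraded, so hosts on the outside net need a route to it.
        if not any(dmz.network.subnet_of(m) for m in masq):
            routes.append((str(world.network), f"{dmz.network} via {world.ip}"))
    return list(dict.fromkeys(routes))  # drop duplicates, keep order
```

With the posted values this yields a default route via 194.212.204.25 on the DMZ host, and a route to 194.212.204.24/29 via 192.168.1.50 for clients on the 192.168.1.0/24 test network.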