I've downloaded SuSEfirewall-2.5.tar.gz and Installed it. I've edited firewall.rc.config and if I start the "firewall" I get the "done" message and in my log the message "SuSEfirewall: Firewall rules successfully set" However if I call /usr/sbin/openports I get: ipchains produced errors, no default routing set up? /sbin/route -n gives: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth1 xxx.xx.xxx.48 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 xxx.xx.xxx.49 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 192.168.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 eth1 xxx.xx.xxx.40 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 xxx.xx.xxx.41 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 xxx.xx.xxx.42 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 xxx.xx.xxx.43 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 xxx.xx.xxx.44 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 xxx.xx.xxx.45 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 xxx.xx.xxx.46 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 xxx.xx.xxx.47 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 xxx.xx.xxx.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 xxx.xx.xxx.1 0.0.0.0 UG 0 0 0 eth0 The last line looks to me like a correct default gateway. It is the IP address of my ISP's router sitting on a network to which eth0 on the linux box is also connected. Internet connections from this linux box also work. One point which I did note, although the message does not indicate that this is the issue - openports has the line "requires iproute2 to be installed and in the path". What is iproute2? I'm pretty sure that I don't have it and it is certainly not in the path. I don't know if the two are connected but the other thing that does not work at all is the network connected to eth1. I'd love to test the firewall using it (because that's what I installed the firewall for, but I cannot get that far. I have a laptop with a PCMCIA 10/100 network card running Windows 98. I have set it up with IP address 192.168.1.10, netmask 255.255.255.0 and gateway 192.168.1.1. eth1 is an SMC EtherPower II 10/100 which is using the epic100 module and has IP address 192.168.1.1. From my linux box I can ping 192.168.1.1 and from the laptop I can ping 192.168.1.10 but I cannot ping one from the other. The hub (Intel InBusiness 4-port Fast Hub) shows green lights for the status link indicators for the two NICs. The PCMCIA card has an indicator that says it is connecting at 100 Mbs and the "activity light" flashes briefly when ping is run either from the laptop or the linux box. The SMC NIC has four LEDs - a Link Integrity Indicator which is on, a 10Mbs/100Mbs Indicator which indicates 100Mbs a Full duplex/half duplex Indicator which is showing half duplex and an activity indicator which flashes briefly when ping is run either from the laptop or the linux box. If I run /sbin/ifconfig I get: eth0 Link encap:Ethernet HWaddr 00:A0:24:B7:yy.yy inet addr:xxx.xx.xxx.4 Bcast:xxx.xx.xxx.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:14814 errors:0 dropped:0 overruns:0 frame:0 TX packets:10553 errors:0 dropped:0 overruns:0 carrier:0 collisions:201 txqueuelen:100 Interrupt:10 Base address:0x300 eth0:0 Link encap:Ethernet HWaddr 00:A0:24:B7:yy.yy inet addr:xxx.xx.xxx.40 Bcast:xxx.xx.xxx.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:10 Base address:0x300 eth0:1 Link encap:Ethernet HWaddr 00:A0:24:B7:yy.yy inet addr:xxx.xx.xxx.41 Bcast:xxx.xx.xxx.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:10 Base address:0x300 .. for eth0:2 to eth0:9 .. eth1 Link encap:Ethernet HWaddr 00:E0:29:2D:zz.zz inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:452 dropped:453 overruns:0 frame:0 TX packets:170 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:11 Base address:0xe400 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:3172 errors:0 dropped:0 overruns:0 frame:0 TX packets:3172 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 I guess that the 452 errors and the 453 dropped are not good! For completeness /etc/route.conf is as follows: # # /etc/route.conf # # In this file you can configure your static routing... # # This file is read by /sbin/init.d/route. # # # Destination Dummy/Gateway Netmask Device 192.168.1.0 0.0.0.0 255.255.255.0 eth1 xxx.xx.xxx.0 0.0.0.0 255.255.255.0 eth0 default xxx.xx.xxx.1 Any help gratefully appreciated. Many thanks Andrew -- Andrew Hougie, Grinton, Aldenham Grove, Radlett, Hertfordshire, England, WD7 7BW Email: andrew@hougie.co.uk WWW: http://www.hougie.co.uk