I suggest you talk to your ISP about giving your DSL router an IP address outside of your network. This way the DSL router would have its external interface on that "outside" subnet. I would suggest a private range IP for the DSL router's internal IF, 10.X.X.X or so.

The FW gets a 10.X.X.X on its external, and the DSL router must be configured to route traffic for your subnet to the FW's external IF. The firewall routes all outbound traffic (default route) to the DSL router. The FW's internal IF must be part of your subnet, and that interface is then the default gateway for your network.

Your ISP needs to give your DSL router an IP outside of your subnet for this to work, tho.

HTH
Chr. Burri

   .-.
   /v\    L I N U X
  // \\  >I know Kung Fu!!<
 /(   )\
  ^^-^^

Hi all!

I want to protect our network with a firewall that should run on a SuSE machine (kernel 2.2 stable). There is a router that provides a permanent DSL connection to the net. Normally this router is the gateway for all machines on the local net - but now I want to put a firewall between.

The network has official IP addresses and all machines shall use these, which means that I do not want to have masquerading.

So I have put the firewall machine between router and local net. I have switched on ip_forwarding and - for testing - have set up all ipchains to ACCEPT. Now it should route/forward everything, yes? But it doesn't.

I can ping the firewall machine both from outside and from inside. But I cannot reach another host in the network from outside (and the other way around). When I try to ping a host in the network from outside I get an answer from my DSL router that this host is not reachable. Maybe the problem is here, I don't know...

Do you have an idea?

Thanx a lot!
Michael

--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
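
The routing change suggested in the reply above, modelled as an added example that is not part of the original thread. It compares the DSL router's next-hop decision while its internal interface still sits in the LAN subnet with the decision after it moves to a transit network. All addresses are constructed: 192.0.2.0/24 stands in for the official range and 10.0.0.0/30 for the 10.X.X.X transit net.

```python
import ipaddress

def next_hop(dst, connected, static_routes):
    """Forwarding decision of one device, longest prefix wins.
    connected: networks on its own interfaces (resolved with ARP).
    static_routes: (network, gateway) pairs."""
    dst = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(n), None) for n in connected]
    table += [(ipaddress.ip_network(n), gw) for n, gw in static_routes]
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return ("none", None)
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return ("arp", str(dst)) if gw is None else ("via", gw)

def outcome(dst, connected, static_routes, on_wire):
    """on_wire: addresses physically attached to the device's segments.
    An ARP request is only answered by one of those."""
    kind, target = next_hop(dst, connected, static_routes)
    if kind == "none":
        return "no route"
    if target in on_wire:
        return f"{kind} {target}: delivered"
    return f"{kind} {target}: host unreachable (no ARP reply)"

LAN_HOST = "192.0.2.10"  # constructed host behind the firewall

# Before: the router's internal IF is still inside the LAN subnet, but only
# the firewall's external IF (192.0.2.253, assumed) is on its wire.
ROUTER_BEFORE = dict(connected=["192.0.2.0/24"], static_routes=[],
                     on_wire={"192.0.2.253"})

# After: router internal IF 10.0.0.1, firewall external IF 10.0.0.2, and a
# static route for the LAN pointing at the firewall.
ROUTER_AFTER = dict(connected=["10.0.0.0/30"],
                    static_routes=[("192.0.2.0/24", "10.0.0.2")],
                    on_wire={"10.0.0.2"})

# Firewall: internal IF inside the LAN, default route to the router.
FIREWALL = dict(connected=["10.0.0.0/30", "192.0.2.0/24"],
                static_routes=[("0.0.0.0/0", "10.0.0.1")],
                on_wire={"10.0.0.1", LAN_HOST})

if __name__ == "__main__":
    for name, dev in [("router before", ROUTER_BEFORE),
                      ("router after", ROUTER_AFTER),
                      ("firewall", FIREWALL)]:
        print(f"{name:14} -> {outcome(LAN_HOST, **dev)}")
```

In the "before" case the router treats every LAN address as directly attached and ARPs for it, which reproduces the reported symptom: the firewall answers pings, while hosts behind it are reported unreachable by the router even with forwarding enabled and all chains set to ACCEPT.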