Hi all! I'm running SuSEfirewall2 and of late it has behaved strangely.... PROBLEM: ******* My firewall is denying access to external browsers and yet it allows access to anyone browsing on the LAN (ie. when one uses the internal ip for the server). The following is an extract of my firewall2.rc.config script: FW_DEV_EXT="eth1" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="192.168.1.0/24" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="www smtp ssh" FW_SERVICES_EXT_UDP="" # Common: domain FW_SERVICES_EXT_IP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="www smtp ssh 10000 137:139 3128 ftp" FW_SERVICES_INT_UDP="137:139" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" FW_SERVICE_AUTODETECT="yes" # FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="yes" FW_FORWARD="" # Beware to use this! FW_FORWARD_MASQ="" # Beware to use this! FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" # FW_ALLOW_PING_EXT="no" Is there anything I could have ommitted?? I know that it is most probably the firewall because when I stop the firewall, the pages on the server are browseable even externally, but with the firewall,here is an output of /var/log/messages obtained when one tries to browse pages on this server externally: Oct 30 10:36:22 space kernel: martian source <server-ip> from <client-ip>, on dev eth1 Oct 30 10:36:25 space kernel: martian source <server-ip> from <client-ip>, on dev eth1 thanks, ---- Greg, Computer Frontiers International ,,, /'^'\ ( o o ) oOOO--(_)--OOOo----------------------