Hi everybody,

I am using SuSE 7.2 with SuSEFirewall2 and a DSL connection. A service runs on a box behind the firewall box. With the following script I want to forward the packets. I start the script after SuSEFirewall2.final, because the service is not permanent, so I want to start/stop it when I need it without starting/stopping the SuSEWall.

----------------------------------------------------------------------------
#!/bin/sh
DEV=ppp0
FW_DEV_EXT=aaa.aaa.aaa.aaa
CLIENT_IP=192.168.1.1
#ppppp & qqqqq the ports to forward
iptables -t nat -I PREROUTING -d $FW_DEV_EXT -p udp -i $DEV --dport 10000:10010 -j DNAT --to $CLIENT_IP
# iptables -t nat -I PREROUTING -p udp -i $DEV --dport 10000:10010 -j DNAT --to $CLIENT_IP (don't work too)
# iptables -t nat -A PREROUTING -p udp -i $DEV --dport 10000:10010 -j DNAT --to $CLIENT_IP (don't work too)
----------------------------------------------------------------------------

The packets seem to be forwarded, tcpdump says:

----------------------------------------------------------------------------
22:59:28.930835 EXTERN_IP.ppppp > FW_DEV_EXT.qqqqq: udp 21
22:59:28.930835 FW_DEV_EXT > EXTERN_IP: icmp: FW_DEV_EXT udp port 10000 unreachable (DF) [tos 0xc0]
----------------------------------------------------------------------------

(EXTERN_IP is the IP of the client from the internet)

And this is where I wonder. Is the FW_DEV_EXT ok? Must this not be the CLIENT_IP? I got no entry in /var/log/messages that the packets are dropped.

This is what I have in the firewall2.rc.config:

FW_PROTECT_FROM_INTERNAL="yes" #(all allowed ports can be reached)
FW_AUTOPROTECT_SERVICES="yes"
#
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" #(ok , not good , only for testing)
#
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" #(ok , not good , only for testing)
#
FW_SERVICES_EXT_TCP="www"
FW_SERVICES_EXT_UDP="www
FW_SERVICES_EXT_IP=""
#
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
#
FW_SERVICES_INT_TCP="22 25 53 3128"
FW_SERVICES_INT_UDP="22 53"
FW_SERVICES_INT_IP=""
#
FW_KERNEL_SECURITY="yes"

Did I forget a module or some settings? Do you need more info (logs/settings)? Let me know.

Thx for help and infos

kind regards
freddy