I am using SuSE 7.1, kernel 2.4.10, iptables 1.2.1a-53 and firewall2.- I have a NT2000 inside the internal network with an ASP application in IIS. In order to access to her from Internet, I have configured the following rule in /etc/rc.config.d/firewall2.rc.config file: FW_FORWARD_MASQ="0/0,192.168.1.20,tcp,8080,80" where 192.168.1.20 is the WinNT 2000' IP address. But I am not able to enter to the Windows Server of the internal net although the /var/log/firewall log show that seemingly it accepts it and forward correctly: Nov 9 14:08:47 fw kernel: SuSE-FW-ACCEPT-REVERSE_MASQIN=eth0 OUT=eth1 SRC=200.11.85.19 DST=192.168.1.20 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=53270 DF PROTO=TCP SPT=2735 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) In my browser i get: The web page is not available in this moment... ¿Any idea? PD: This is my firewall2.rc.config file: FW_DEV_EXT="eth0" FW_DEV_INT="eth1" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="192.168.1.0/24" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="http-alt ssh smtp imap pop3 domain ftp telnet www 5631 5632" FW_SERVICES_EXT_UDP="domain 5631 5632" # Common: domain FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="http-alt ssh ftp smtp domain www telnet imap pop3 imap 137 138 139 901 3128" FW_SERVICES_INT_UDP="domain 137 138 139" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" FW_SERVICE_AUTODETECT="yes" # Autodetect the services below when starting FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="yes" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="yes" FW_FORWARD="" # Beware to use this! FW_FORWARD_MASQ="0/0,192.168.1.20,tcp,8080,80" # Beware to use this! FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config" -- Greetings, Alberto mailto:linux@opc.com.uy Linux User #242064