Hello everybody, Here's a somewhat newbiesh question, but I've seen this topic discussed here. So, I've just moved from RedHat 7.0 to SuSE 7.3 (after an HD failure). This Linux box is used as a company firewall/masquerader, dns, www and mailserver. Under RedHat we've used ipchains with it's simplest setup just to masquerade the internal net on a per machine basis. And, issuing "ipchains -L" I used to get some 10 lines concerning exactly what I configured. With SuSE we tried to set up SuSEfirewall2, and we did it carefully. The problem is that the machines from the internal net cannot access www or mail server through its external interface - and the corresponding DENY is logged clearly. We did not set the firewall protection from the internal net, and it is accessible internally, but the traditional www.ourdomain.ru (or mail.ourdomain.ru) points to the external device, which worked fine with ipchains under RedHat. Now we're using ipchains under SuSE too, but this is surely wrong (just to mention the inability ro use ftp from inside). Should we try to reconfigure SuSEfirewall2? Listing of iptables' rules is so much complicated that I don't think I should read it. Or just throw away the firewall, issue some iptables' rules thru a script and forget it? Thanks in advance, Boris G. Kimel.