Hi Peter,
Ps: I am not sure about the external devices. I have one external card which is eth0. But I tried this setting with just eth0 too and it did not work. That is why I did put ppp0 as well.
Your external device is ppp0. You may leave eth0 out.

FW_DEV_EXT="ppp0"
FW_MASQ_NETS="192.168.159.0/24"

as Thorsten Preuss already has noted in another mail. Sorry, I've been asleep here.. He's also right about not needing the IP_FORWARD variable in /etc/rc.config anymore. Sorry for the confusion.. Thanks Thorsten, for setting me right.

NB: Those entries below were _examples_. You have to insert those services you have running _on_ your firewall. Add only those services you want to be accessible from outside *EXT* or from inside *INT* your network. For example, I have some installations using the following entries:

FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_UDP="500"
FW_SERVICES_EXT_IP="50 "
FW_SERVICES_INT_TCP="ssh"

This means, I want ssh access to the firewall from the outside as well as the inside (entry ssh). Furthermore, this machine is the entry to a VPN (virtual private network), (UDP port 500 for key exchange and IP protocol 50 is used to transport the encrypted packets).

Leave those fields empty, if you don't have any services running on the firewall (I'd recommend at least "ssh" or in FW_SERVICES_INT_TCP --- you might want to do some configuring from another computer in your network. Saves the monitor for the firewall :)

Robert
FW_SERVICES_EXT_TCP="ssh http" # Common: smtp domain
FW_SERVICES_EXT_UDP="ssh http" # Common: domain
FW_SERVICES_EXT_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain
FW_SERVICES_DMZ_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INT_TCP="ssh http" #Common: ssh smtp domain
FW_SERVICES_INT_UDP="ssh http" #Common: domain syslog
FW_SERVICES_INT_IP="" # For VPN/Routing which END at the firewall!!
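
Added example, not part of the original mail or of SuSEfirewall itself: a POSIX shell script that reads the FW_SERVICES_* variables discussed above without sourcing the file and lists what the firewall host exposes per zone. The function names (fw_value, fw_exposed, fw_has) and the sample config, built from the values quoted in the mail, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit which services a SuSEfirewall-style config opens per zone.

# Constructed sample, built from the values quoted in the mail above.
sample_config() {
cat <<'EOF'
FW_DEV_EXT="ppp0"
FW_MASQ_NETS="192.168.159.0/24"
FW_SERVICES_EXT_TCP="ssh"    # Common: smtp domain
FW_SERVICES_EXT_UDP="500"    # key exchange for the VPN
FW_SERVICES_EXT_IP="50 "     # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INT_TCP="ssh"
FW_SERVICES_INT_UDP=""
EOF
}

# fw_value VAR: print VAR's quoted value from the config on stdin.
# The file is parsed, not sourced, so nothing in it gets executed.
# If VAR is assigned more than once, the last assignment wins.
fw_value() {
    sed -n "s/^[[:space:]]*$1=\"\([^\"]*\)\".*/\1/p" | tail -n 1
}

# fw_exposed ZONE: one PROTO/service line per entry opened on the firewall
# host itself for ZONE (EXT, DMZ or INT). Empty or missing variables yield nothing.
fw_exposed() {
    zone=$1
    cfg=$(cat)
    for proto in TCP UDP IP; do
        for svc in $(printf '%s\n' "$cfg" | fw_value "FW_SERVICES_${zone}_${proto}"); do
            printf '%s/%s\n' "$proto" "$svc"
        done
    done
}

# fw_has ZONE PROTO SERVICE: succeed if that entry is open for ZONE.
fw_has() {
    fw_exposed "$1" | grep -qxF "$2/$3"
}

echo "Reachable from outside (EXT):"; sample_config | fw_exposed EXT
echo "Reachable from inside (INT):";  sample_config | fw_exposed INT
# The mail recommends keeping ssh open on the internal side for administration.
sample_config | fw_has INT TCP ssh || echo "warning: no ssh from INT" >&2
```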