Hello List! I'm Sorry to have to ask this question, but I did RTFM for quite a while, but I do need your help! I have a SuSE 8.0 Prof server with apache & sendmail and internal I am forwarding/masquerading some pcs (some windows) (absolutely trusted). Everything works fine, BUT: I tried without success to stop the anti-spoofing-rules of the susefirewall2 to let ONLY HTTP (Port 80. do I need more?) from the internal network (eth0) to the external nis (eth1). I do NOT want all traffic from my internal pcs to my OWN HOMEPAGE to go over the proxy of my ISP. (Its sometimes really slow due to an overlaod on the proxy of my ISP). ...and it is "destroying bandwith" when i go masqueraded to my isp only to access the other networkcard on my own server! I know it is a security hole, but if it would be only for http it should be ok. (And on my suse7.3 server with ipchains it worked fine too.) Please - no RTFM: I need a "cooking instruction". I think it is only one line inserted into /etc/sysconfig/scripts/SuSEfirewall2-custom, but which line and where ??? AND I think this would be (as a "cooking instruction") something for the FAQ for all like me who want to take this risk! I am tired to try options and only get the SUSE-FW-NO_ACCESS_INT->FWEXT in my firewall logs! Thank you in advance!! Fritz Here is my firewall config: ---------------- FW_DEV_EXT="eth1" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="0/0" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="http smtp www" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="no" FW_ALLOW_INCOMING_HIGHPORTS_UDP="no" FW_SERVICE_AUTODETECT="no" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"FW_KERNEL_SECURITY="no" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="yes" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="no" #FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"