* Andreas J Mueller;
Hi Chris!
What you should definitely do is open port 5678 on FW_SERVICES_EXT_TCP, otherwise the firewall won't allow clients to connect. And you can get rid of port 80 on EXT because you use the other port for it.
FW_SERVICES_EXT_TCP="25 53 5678"
That's not necessary for SuSE-FW2 (at least in 8.0), because the forwarding code will create the needed ACCEPT rules independently of the settings in FW_SERVICES_EXT_TCP. However, if the destination host
Correct, as FW_SERVICES_EXT_* means anything that is running on the firewall machine itself.
However, if the destination host is itself not masqueraded, e.g., not listed in FW_MASQ_NETS, the reply packets won't get back through the firewall. I found that out while
This is true if you are using the FW_FORWARD_MASQ variable, as this is used for forwarding requests to private IP machines. If you have routable IPs then you should be using FW_FORWARD, which does not need FW_MASQ_NETS.
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx