Hi there,

I use SuSEfirewall2 on a SuSE 7.2 gateway. The firewall has 3 interfaces - one facing the internet (official IP), one to the inner LAN (192.168.20.x) and one to the DMZ (192.168.70.x). The computer in the DMZ (webserver) has an internal IP address (192.168.70.y), so I have to port-masquerade.

The inner-LAN clients can reach the webserver because I'm using the "FW_FORWARD" parameter in the SuSEfirewall config file. One of the entries is "192.168.20.0/24,192.168.70.10,tcp,80". All works fine.

But now I want to add a second server (mail) to the DMZ. I added the appropriate entry to the FW_FORWARD parameter. I can ping the two servers from the firewall successfully. But from an inner-LAN client I can only reach the webserver, not the mailserver. Neither a ping nor a telnet to the SMTP port works. The firewall logs are empty with regard to DENYs or the like. But why?

When I add the mailserver to the "FW_FORWARD_MASQ" parameter, I can reach the box from the internet without problems.

Thanks in advance for help.

Michael