Hello,

I posted this earlier to SLE but have had no answers at this point...

I have a SuSE 8.1 machine with all currently available online updates applied that I am trying to remote-administer. It is on a DSL connection and I am trying to work on its firewall settings. It's obviously important that in configuring its firewall, I don't lock myself out... 8^)

I have read through the following files a couple of times and as I configured each option. However, I think I must have missed something...

    /usr/share/doc/packages/SuSEfirewall2/EXAMPLES
    /usr/share/doc/packages/SuSEfirewall2/FAQ
    /usr/share/doc/packages/SuSEfirewall2/SuSEfirewall2.conf.EXAMPLE

I have a machine with two interfaces, eth0 and eth1. eth0 is external, eth1 is masq (192.168.1.0/24). I want to be able to access some specific services running on the external interface from the internal, masqueraded network:

    FW_SERVICES_INT_TCP="ssh smtp http ntp https imaps pop3s 8080"
    FW_SERVICES_INT_UDP="ntp"

All names are listed in /etc/services on the firewall machine and I have a squid proxy server running on port 8080.

After making the changes in /etc/sysconfig/SuSEfirewall2, I restarted the firewall with this command:

    rcSuSEfirewall2 restart

I also tried 'rcSuSEfirewall2 stop' then 'rcSuSEfirewall2 start'.

Despite listing services in FW_SERVICES_INT_(TCP|UDP)=, I am still getting denied when trying to access the services from the internal network.

Anyone have any ideas?
Here is my full config:

    # cat /etc/sysconfig/SuSEfirewall2 | egrep -v "^[[:space:]]*$|^#"
    FW_QUICKMODE="no"
    FW_DEV_EXT="eth0"
    FW_DEV_INT="eth1"
    FW_DEV_DMZ=""
    FW_ROUTE="yes"
    FW_MASQUERADE="yes"
    FW_MASQ_DEV="$FW_DEV_EXT"
    FW_MASQ_NETS="0/0"
    FW_PROTECT_FROM_INTERNAL="no"
    FW_AUTOPROTECT_SERVICES="yes"
    FW_SERVICES_EXT_TCP="https imaps pop3s smtp ssh"
    FW_SERVICES_EXT_UDP=""
    FW_SERVICES_EXT_IP=""
    FW_SERVICES_DMZ_TCP=""
    FW_SERVICES_DMZ_UDP=""
    FW_SERVICES_DMZ_IP=""
    FW_SERVICES_INT_TCP="ssh smtp http ntp https imaps pop3s 8080"
    FW_SERVICES_INT_UDP="ntp"
    FW_SERVICES_INT_IP=""
    FW_SERVICES_QUICK_TCP=""
    FW_SERVICES_QUICK_UDP=""
    FW_SERVICES_QUICK_IP=""
    FW_TRUSTED_NETS=""
    FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
    FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
    FW_SERVICE_AUTODETECT="yes"
    FW_SERVICE_DNS="no"
    FW_SERVICE_DHCLIENT="no"
    FW_SERVICE_DHCPD="no"
    FW_SERVICE_SQUID="no"
    FW_SERVICE_SAMBA="no"
    FW_FORWARD=""
    FW_FORWARD_MASQ=""
    FW_REDIRECT=""
    FW_LOG_DROP_CRIT="yes"
    FW_LOG_DROP_ALL="no"
    FW_LOG_ACCEPT_CRIT="yes"
    FW_LOG_ACCEPT_ALL="no"
    FW_LOG="--log-level warning --log-tcp-options --log-ip-option \
    --log-prefix SuSE-FW"
    FW_KERNEL_SECURITY="yes"
    FW_STOP_KEEP_ROUTING_STATE="no"
    FW_ALLOW_PING_FW="yes"
    FW_ALLOW_PING_DMZ="no"
    FW_ALLOW_PING_EXT="no"
    FW_ALLOW_FW_TRACEROUTE="yes"
    FW_ALLOW_FW_SOURCEQUENCH="yes"
    FW_ALLOW_FW_BROADCAST="no"
    FW_IGNORE_FW_BROADCAST="yes"
    FW_ALLOW_CLASS_ROUTING="no"
    FW_CUSTOMRULES=""
    FW_REJECT="no"

Thanks.

-- 
Marc Christensen
http://www.mecworks.com
http://www.mecworks.com/~marc/resume