There are no services ON THE FIREWALL that need to be accessed (I already ran into this problem ;-), they are all on servers in either network.

I changed my configuration, just to test.

This is how (excerpt) it looked:

FW_MASQ_NETS="172.19.0.0/16,0/0,tcp,20 172.19.0.0/16,0/0,tcp,21 172.19.0.0/16,0/0,tcp,80"
FW_FORWARD_MASQ="0/0,172.19.6.10,tcp,80"

Test-configuration:

FW_MASQ_NETS="172.19.0.0/16"
FW_FORWARD_MASQ="0/0,172.19.6.10,tcp,80"

It will work with my test-configuration, but then again, any user could use any service on the external net, and that is not wanted, only FTP and HTTP.

How can I solve this, without doing something like this:

FW_MASQ_NETS="172.19.0.0/16,0/0,tcp,20 172.19.0.0/16,0/0,tcp,21 172.19.0.0/16,0/0,tcp,80 172.19.0.0/16,0/0,tcp,1024:65535"
FW_FORWARD_MASQ="0/0,172.19.6.10,tcp,80"

???

Cheers
Knut Erik

-----Original Message-----
From: GentooRulez [mailto:paranoiac_user@freenet.de]
Sent: Tuesday, July 15, 2003 2:04 PM
To: suse-security
Subject: Re: [suse-security] Problems with a simple Firewall2 config

I did not check your whole config, but this came up immediately:

# Which services ON THE FIREWALL should be accessible from either the internet
# (or other untrusted networks), the dmz or internal (trusted networks)?
FW_SERVICES_EXTERNAL_TCP="80"

Check this out

Michael