Hi all,

This should be rather easy going, but I am experiencing problems. My network looks as follows:

+-- External Net 192.168.1.0/24 --> (Eth1) SuSE 8.1 Firewall2 (Eth0) <--- Internal Net 172.19.0.0/16

On my internal net there's a web server, which machines on the external net may access. Using my sniffer I can see packets going into the internal net, but I receive nothing back, because the initiating machine sends packets with destination port 80 TCP and source port > 1024 TCP, which I have not explicitly opened. The other way around is working fine (accessing HTTP and FTP resources on the external network).

The configuration file:

FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="172.19.0.0/16,0/0,tcp,20 172.19.0.0/16,0/0,tcp,21 172.19.0.0/16,0/0,tcp,80"
FW_FORWARD_MASQ="0/0,172.19.6.10,tcp,80"
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_PROTECT_FROM_INTERNAL="no"
FW_LOG_DROP_CRIT="yes"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_ALLOW_PING_FW="yes"
FW_IGNORE_FW_BROADCAST="yes"

What am I doing wrong? Any hints are deeply appreciated.

Cheers,
Knut Erik