OS: SuSE 9.1 with latest patches I found the thread on using SuSE as a bridging firewall earlier this year but seem to be stuck. Topology: Internet Side: xxx.xxx.xxx.1 (Default Gateway) (Cisco router) Bridge: Defined bridge xxx.xxx.xxx.10 adding eth0 (connected to .1) and eth1 (LAN side). Default route defined as xxx.xxx.xxx.1 LAN Side: Test system xxx.xxx.xxx.29 I can ping .1, .10 and .29 from the bridge system and even surf the internet, etc. I can ping the bridge (.10) from the LAN side (.29) but cannot ping the gateway (.1). At this point there are no iptables rules in effect (iptables -L shows nothing) and SuSEfirewall2 is disabled. I have downloaded shorewall 2.0.8 and bridge-utils (from SuSE 9.1 CDs) but seem to be missing some thing here. Goal: Use the bridging firewall between a Cisco router and the rest of our networks to detect/defeat syn flood and smurf attacks. Cisco wants $US 2K/router for the enterprise version of their software to do this (times 4 routers!) which is a major outlay for a small ISP, hence urgency of getting this to work. (I have a bottom of the line MultiTech RF550VPN on one of the LAN side systems and even it has no problem stopping these attacks on the one system - we just need to duplicate this protection on several subnets.) Thank you, Lucky Leavell