I have problems connecting from my internal LAN to services (http, smtp) in the DMZ.
Example: I can't send mail with my mail server, but it's possible when I connect from outside my network.
But it does not stop me from connecting to other services outside my network.

Any idea?

Thanks in advance
Raul

------------------------------------------------------------------------------

This is my network scheme:

ADSL-----------DMZ-----------------SWITCH --- LAN
192.168.1.1    ETH1=192.168.1.2               192.168.0.0/24
               ETH0=192.168.0.1
               Services: smtp, http...

Log when I attempt to connect to a virtual domain in my DMZ:

-------- /var/log/messages ---------------------
SFW2-INext-DROP-ICMP IN=eth1 OUT=MAC=00:50:fc:27:26:bd:00:73:03:08:df:ec:08:00 SRC=[nnn.nnn.nnn.nnn] DST=192.168.1.2 LEN=56 TOS=0x08 PREC=0x00 TTL=64 ID=31558 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.2 DST=[nnn.nnn.nnn.nnn] LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=33634 DF PROTO=TCP INCOMPLETE [8bytes] ]
------------------------------------------------

route:

------------------------------------------------
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
------------------------------------------------

SuSEfirewall2:

----------------- /etc/sysconfig/SuSEfirewall2 ---------------------
# 1.)
# Should the Firewall run in quickmode?
FW_QUICKMODE="no"

# 2.)
FW_DEV_EXT="eth-id-00:50:fc:27:26:bd"

# 3.)
FW_DEV_INT="eth-id-00:e0:7d:9d:e3:59"

# 4.)
# Which is the interface that points to the dmz or dialup network?
FW_DEV_DMZ="eth1"

# 5.)
# Should routing between the internet, dmz and internal network be activated?
FW_ROUTE="yes"

# 6.)
FW_MASQUERADE="yes"
## Type: string
#
# You must also define on which interface(s) to masquerade on. This is
# normally your external device(s) to the internet.
# Most users can leave the default below.
#
# e.g. "ippp0" or "$FW_DEV_EXT"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"

# 7.)
FW_PROTECT_FROM_INTERNAL="yes"

# 8.)
FW_AUTOPROTECT_SERVICES="yes"

# 9.)
FW_SERVICES_EXT_TCP="53 http https imap imaps pop3 pop3s smtp"
FW_SERVICES_EXT_UDP="53"
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_SERVICES_DMZ_TCP="53 http https imap imaps pop3 pop3s smtp"
FW_SERVICES_DMZ_UDP="53"
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_SERVICES_INT_TCP="smtp domain http https 110 143 53"
FW_SERVICES_INT_UDP="53"
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""

# 9a.)
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""

# 10.)
FW_TRUSTED_NETS="192.168.0.0/24"

# 11.)
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

# 12.)
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="no"

# 13.)
FW_FORWARD="192.168.0.0/24,192.168.1.2"

# 14.)
FW_FORWARD_MASQ=""

# 15.)
FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128 192.168.0.0/24,0/0,tcp,25,3128 192.168.0.0/24,0/0,tcp,110,3128 192.168.0.0/24,0/0,tcp,143,3128"

# 16.)
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"

# 17.)
FW_KERNEL_SECURITY="yes"
FW_ANTISPOOF="yes"

# 18.)
FW_STOP_KEEP_ROUTING_STATE="no"

# 19.)
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="no"

# 20.)
FW_ALLOW_FW_TRACEROUTE="yes"

# 21.)
FW_ALLOW_FW_SOURCEQUENCH="yes"

# 22.)
FW_ALLOW_FW_BROADCAST="yes"
FW_IGNORE_FW_BROADCAST="yes"

# 23.)
FW_ALLOW_CLASS_ROUTING="no"

# 25.)
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

# 26.)
FW_REJECT="yes"

# 27.)
FW_HTB_TUNE_DEV=""

# 28.)
FW_IPv6=""

# 28a.)
FW_IPv6_REJECT_OUTGOING="yes"

# 29.)
FW_IPSEC_TRUST="no"

# 29a.)
FW_IPSEC_MARK=""
FW_LOG=""
--------------------------------------------------------------------