SuSE har routerfunktioner inbyggt. Det enda du behöver göra för att sätta upp forwards och sådant är att ändra i /etc/sysconfig/SuSEfirewall2 filen. Ett exempel på hur det kan se ut i den filen:
## Type: string
#
# 9.)
# Which TCP services _on the firewall_ should be accessible from
# untrusted networks?
#
# Enter all ports or known portnames below, seperated by a space.
# TCP services (e.g. SMTP, WWW) must be set in FW_SERVICES_*_TCP, and
# UDP services (e.g. syslog) must be set in FW_SERVICES_*_UDP.
# e.g. if a webserver on the firewall should be accessible from the internet:
# FW_SERVICES_EXT_TCP="www"
# e.g. if the firewall should receive syslog messages from the dmz:
# FW_SERVICES_DMZ_UDP="syslog"
# For IP protocols (like GRE for PPTP, or OSPF for routing) you need to set
# FW_SERVICES_*_IP with the protocol name or number (see /etc/protocols)
#
# Format: space separated list of ports, port ranges or well known
# service names (see /etc/services)
#
# Examples: "ssh", "123 514", "3200:3299", "ftp 22 telnet 512:514"
#
FW_SERVICES_EXT_TCP="1099 113 1413 30000:31000 3724 3784 6111:6112 6851:6859 6881:6889 6891:6899 7770 7780 7890 7990 ftp http ssh"
## Type: string
#
# Which UDP services _on the firewall_ should be accessible from
# untrusted networks?
#
# see comments for FW_SERVICES_EXT_TCP
#
# Example: "53"
#
FW_SERVICES_EXT_UDP="1413 7777 7778 8767 8768 3784 7877 7878 7977 7978 27012 27015"
## Type: string
#
# 14.)
# Which services accessed from the internet should be allowed to masqueraded
# servers (on the internal network or dmz)?
# Requires: FW_ROUTE
#
# With this option you may allow access to e.g. your mailserver. The
# machines must be in a masqueraded segment and may not have public
# IP addesses! Hint: if FW_DEV_MASQ is set to the external interface
# you have to set FW_FORWARD from internal to DMZ for the service as
# well to allow access from internal!
#
# Please note that this should *not* be used for security reasons!
# You are opening a hole to your precious internal network. If e.g.
# the webserver there is compromised - your full internal network is
# compromised!
#
# Format: space separated list of
# <source network>,<ip to forward to>,<protocol>,<port>[,redirect port,[destination ip]]
#
# Protocol must be either tcp or udp
#
# Examples: - "4.0.0.0/8,10.0.0.10,tcp,80" forward all tcp request on
# port 80 coming from the 4.0.0.0/8 network to the
# internal server 10.10.0.10
# - "4.0.0.0/8,10.0.0.10,tcp,80,81" forward all tcp request on
# port 80 coming from the 4.0.0.0/8 network to the
# internal server 10.10.0.10 on port 81
# - "200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202"
# the network 200.200.200.0/24 trying to access the
# address 202.202.202.202 on port 80 will be forwarded
# to the internal server 10.0.0.10 on port 81
#
# Note: du to inconsitent iptables behaviour only port numbers are possible but
# no service names (https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=273)
#
FW_FORWARD_MASQ="0/0,192.168.0.6,tcp,1413 0/0,192.168.0.6,udp,1413 0/0,192.168.0.6,tcp,6881:6889
0/0,192.168.0.6,tcp,1099 0/0,192.168.0.6,udp,6111:6112 0/0,192.168.0.6,tcp,6111:6112"