Suse 11.2 + Smoothwall + VPN + Subnets + Netmask = Trouble

This is a bit long winded, but I will try to be concise. Certainly more details can be provided if anyone wishes to lend their expertise.

I administer a non homogeneous cifs protocol network that spans two physical sites. Connected to it are Linux (Suse 11.0 and 11.1), OS/2, Windows 2K, Windows XP and Windows 98SE boxes. The network is configured as a single global network with two subnets, one for each location. I have a Smoothwall 3.0 firewall/router box at each location to manage Internet activity through the cable modems. The sites are logically tied together through the VPN capability of Smoothwall. The network is small enough to be static. Fixed DHCP registry plus DNS services are provided by Suse 11.0 Server, Smoothwall connects via VPN over the internet to Smoothwall There are several computers on, all of which look to, via the VPN connection, for primary DNS services.

All of this is working swimmingly, until I try to upgrade any box on the remote subnet ( to Suse 11.2 (or 11.3 beta).

Once 11.2 is installed and running on a PC on the remote subnet, it can no longer properly connect to the outside world. It can even be a box that was previously working fine with Suse 11.0 or 11.1. What happens is this: I can ping anything, anywhere, by either IP or domain name, but neither any browser nor Yast software update can reach my ISPs DNS servers, which are set up as the fall back when my internal DNS server is stumped. Consequently, they can’t connect. I am using a netmask of, which on 11.2 and 11.3 is automatically changed to /24, on all systems. If I edit the netmask on the 11.2 box to /23, my browser works, meaning it can access my ISPs DNS server, but all of my network is now invisible. I take that to indicate that, with the changed netmask, I am now bypassing the VPN and getting DNS directly (obviously through Smoothwall and the cable modem) from the ISPs server.

The only alteration I have made is to “upgrade” to Suse 11.2 from 11.0 or 11.1. What is changed in the networking of 11.2 to cause this?