cliff here wrote: >> net.ipv4.conf.ip_forward = 0 ?? >> >> change to = 1 ?? > yea that needs to be a 1 That cannot be mandatory, as I have a 0 there and do not have the OP's problem. As I mentioned, the default in shorewall is that loc to $FW, ie connection from machines on the local LAN to server, is set to REJECT. Maybe that is the default in the iptables setting too? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland