>> Hmm...you do not appear to have a blanket accept for your >> internal interface. What services are supposed to be open to >> the internal lan? > > Really just intersted in web, ftp and maybe samba Well, the rules do accept connections for them three so no problem here. > > Not really relying on my server for dns for the local machines, just for > local services, ftp, webmin, local web. I'm not on a commercial account with > my isp so 'external' mail is not an issue. ftp is not running, webmin is blocked. You should be able to connect to apache. samba is not running either. > > I have most services turned off but can activate them , remotely, from > webmin if I need ssh or ftp. Well, I guess you first need to allow connections to webmin (from INSIDE - even if you are absolutely certain no one can guess your password) unless you are only going to do it from the desktop on the box. No rules for ssh so you will need to add them if you do enable ssh.