OK, you do know that by default you can't access a DMZ server from the internal network or vice versa. This is the reasoning used for a proper DMZ in any case. The ip spoofing rules prevent this. One way of doing this would be to build a route to and from the DMZ and internal networks, but this really isn't a lot safer than simply running the DMZ machine on the internal network itself. Another option that I remember being discussed a year or two ago is to add another firewall between the DMZ and the internal net and setup a "safer" route to the internal network.
I hope this helps ;) -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user