I wrote a brief document outlining a Shorewall implementation consisting of two firewall servers running in a fail over configuration using the heartbeat program. It may be found at: http://www.xenos.net/library/hafirewall.html There is nothing groundbreaking here, but it does address a way to have Shorewall actively running on multiple servers while not causing any conflicts with proxy ARP configurations. This document may be of use to those who use proxy ARP, want redundant firewall servers, and need an active firewall running on each of the firewall nodes, (e.g. you need network connectivity but do not want an open interface like the routestopped directive would do). Karyl