Hi,

I'm a newbie to Shorewall but have spent the past week and a bit reading through various documentation on iptables and Shorewall, so I've got quite a good grasp of the concepts already.

I'm running Shorewall 1.4.2 on Redhat 8.0. My external interface is ppp0 (it's a normal modem dialup and I get a real - 203.x.x.x - static IP address assigned) and the internal - local - interface is eth0 (normal network card).

I'm setting up a new system at the moment, to replace an ageing RH6.2 box using ipchains.

Let's call the RH6.2 machine host1.domain1.com (192.168.1.2 netmask 192.168.1.0/24)
Let's call the new RH8 machine host2.domain2.com (192.168.2.8 netmask 192.168.2.0/24)

Please note in real life both the IPs above are 203.x.x.x addresses; I don't use any NAT in this setup.

host1.domain1.com is a primary DNS server for its domain (domain1.com), while host2.domain2.com will retain its name on eth0, and alias host1.domain1.com as eth0:1 while also running primary DNS on that virtual alias device - I've tested Bind in this config and it works fine - the purpose being to decommission host1 and run all its services (all 2 of them) off host2.

I want both host1 and host2 to be talking to one another, allowing full access to one another, without any DENYs or REJECTs.

Following from the "Shorewall and Alias Interfaces" documentation, it says to put the following into /etc/shorewall/interfaces

    - eth0 192.168.1.255,192.168.2.255

and in the /etc/shorewall/hosts

    loc eth0:192.168.1.0/24
    loc eth0:192.168.2.0/24

Am I right in going through this so far? Is this the best way to do this? Should I separate the zones as "loc" and "loc2" type setups? I ask as host1's network (domain1.com) only needs DNS, NTP, SSH active, while host2's network (domain2.com) requires all those plus HTTP, HTTPS, SMTP, IMAPS, SMTPS, and so on.
Note that domain2.com has quite a few clients on it, while domain1.com only has the one host and was the main dialup ppp0, the reason I'm decommissioning the box and aliasing it on one of domain2.com's many boxes that run 24x7.

Any help or advice is very much appreciated.

Michael.