-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I have a linuxbox running shorewall, and on the lan side nic I have multiple networks, and ip''s from both assigned to the nic. One network is private, and the other is public ip''s. I have a web server running on the firewall with multiple virtual hosts configured. I have the private ip on the lan tied to the default apache config, and the public ip on the lan tied to a vurtual configuration. Also the public ip on the wan is tied to another virtual host. I want all web traffic on the private network that is trying to go through the firewall to get forwarded to the firewall and be answered by the apache default config. All this config will do is redirects the request to my domain. So no matter where they try to go, they will end up at my page. The following will do the trick. ACCEPT lan:192.168.1.0/24 fw:192.168.1.1:80 tcp http - all I think it is required to specify the 192.168.1.1 on the firewall so it is answered by the proper apache config. Am I right? The 192.168.1.1 is the main ip on the nic, and the public ip is a alias. Then came the question, will the following rule do the same thing? ACCEPT lan:192.168.1.0/24 lan:192.168.1.1:80 tcp http - all Would this act any different? - --=20 Regards Joseph Watson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9l94tABydhMNsDgMRAu3UAKCSEkHiyawwwJrR1bJeeaYnpdL9mACgojVT fWF+ALMzZuD52dyDPmXt7C0=3D =3D11hS -----END PGP SIGNATURE-----