Hey all,

Am new to the list and am reasonably new to Shorewall too. Following the docs provided on the site, I was able to happily and confidently set up a Shorewall firewall on a remote box; it has only one ethernet card, which links it to the internet.

Now, I have a question. I've searched the site and have found docs relating to ICQ but none answered my question fully, so here goes.

The system with Shorewall on it lives in the US; it's a public system where you can FTP/HTTP/etc... to it. What I'd like to do is to be able to get ICQ at my workplace. While this sounds easy and would be even easier if ICQ-2Go worked properly, it doesn't, and we have a wonderfully complicated setup, making anything that DOESN'T utilise port 80 or 443 useless.

To combat this, I've used DNAT (which I've yet to test at work) to allow SSH/SMTP/POP3 to my workplace from the remote system. I'll test this tomorrow (at work). I'm confident it will work, but I'd like to have ICQ as well, as I have ICQ contacts I'd like to keep in touch with during my working day (as I'm sure you all have).

The setup at my workplace is as follows:

Internal LAN is 10.16.0.0/16 addresses (255.255.0.0). They all use a proxy server on 10.16.0.1, which in turn links via a router which blocks off anything NOT port 80 or 443. (The router and anything PAST it is out of my control.) That router then goes out to several squid boxes (whichever one the DNS points it to), which then serve the web pages and such; hence it has to have port 80 and 443 open both ways (so we can get the pages and request new ones).

I'd like to use the Shorewall box so that I can go out from the workplace on one IP, say 22.22.22.1 on port 80. If I'm coming in from work (as in I have an IP from my workplace), it will reroute my request so that it goes to the ICQ server on whatever port it wants; any traffic coming BACK from that would need to get back to me on the internal LAN at port 80.
Hence why standard ICQ ports aren't accessible and ICQ2Go is such a nightmare (as it keeps D/C'ing me for some reason).

Any thoughts on how I may be able to accomplish this? I'm using RedHat 9.0, Shorewall 1.4.7b and have TC_ENABLED set to 'Yes' (as one of your previous posts suggested).

Thanking you all in advance,

Mr. K. Hawkes
ICT Support Engineer (for a school, hence the lack of ports available)

"May darkness be your only ally, for in the shadows you can hide" - Kris 1998-2002
"In darkness, there is strength." - Kris 2002
"What we do in life echoes in eternity." - Anon
"Remember folks, get your victims to scream, they live longer, you laugh stronger" - Anon
"If people never notice you when you're around, they're not going to miss you when you're not" - Kris 2003
"Since learning C, I've learnt how to swear in 12 other languages, including Binary and Hex!" - Kris 2003
"You look back upon choices you've made, you wonder 'what if' and wonder if you should have done it differently... but then you'd not be you anymore, you'd be someone else, asking the same set of questions." - Anon