We tried to swap our lan (eth2) interface with our net interface (etj5) Before: lan eth2 detect routeback dmz eth4 detect #norfc1918 net eth5 detect #norfc1918 pix eth3 detect #norfc1918 vpn tun0 After: lan eth5 detect routeback dmz eth4 detect #norfc1918 net eth2 detect #norfc1918 pix eth3 detect #norfc1918 vpn tun0 We also swapped the contents of the ifcfg-eth-id:00 .... files so that eth5 was now eth 2 & vice versa Then we switched the cables so that the internet was connected to the eth5 and lan to eth2 and then searched /etc/shorewall for all files containing eth2 and eth5 and made appropriate changes. Rebooted from the shorewall machine we were able to access the dmz and the lan and the internet. We could get to the DMZ from the LAN. We could not however connect to any systems on the dmz from the internet. After we un-did out our changes, everything was working again. This is a Suse Linux 10.2 machine. Are there any other places besides these shorewall files where changes need to be made on Suse to do this? We had to back out of what we had hoped would be a fast update and restart. - Joel ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don''t miss this year''s exciting event. There''s still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone