Hi Keith, I didn't take a close look at your FW rules, but on first glance they look reasonable enough, except the thing about
FW_SERVICES_DMZ_TCP="http https 80" As you don't have a DMZ interface no services can be present there.
But I did take a look on the DNS entries for your server, which you conveniently called server.asgard.org.nz) and found that there is no DNS entry for it. wolfgang@wolfgang:~> host server.asgard.org.nz ns1.inspire.net.nz Using domain server: Name: ns1.inspire.net.nz Address: 203.114.128.1#53 Aliases: Host server.asgard.org.nz not found: 3(NXDOMAIN) As you can see, your own nameserver doesn't know about your server, who could others? HTH regards from Vienna Wolfgang -- ----------------------------------------------------- Wolfgang Leithner Pinguin-Systeme.at CEO/CTO Systems and Security EMail: wolfgang.leithner@pinguin-systeme.at http://www.pinguin-systeme.at ----------------------------------------------------- GPG Key Fingerprint: 21FE FB64 BD83 8385 364A E927 BB2F F331 84FD 12A9 ----------------------------------------------------- GPG Public Key can be found at: http://www.pinguin-systeme.at/privacy/wl.asc ----------------------------------------------------- Registered Linux User # 388544 To support the Cause of Linux and OpenSource please register at: http://counter.li.org ----------------------------------------------------- Der Inhalt dieser Nachricht ist persoenlich und vertraulich und lediglich fuer die Verwendung durch den/die Adressaten bestimmt. Sollten Sie diese Nachricht irrtuemlich erhalten haben, infor- mieren Sie bitte postmaster@pinguin-systeme.at. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify postmaster@pinguin-systeme.at -----------------------------------------------------