Back to a clean slate. You have complete tcp/ip function out of any box to the internet or to the router or to the SuSE machine. The win98 machines are blocking any tcp/ip incoming but your problem is that the win2k software can gain access. Maybe this is because it is not using tcp/ip to gain access. Do you have netbui protocol stack on all the win boxes? If you do then it is the firewall that is stopping any "first time" access to your win98 boxes. It is probably set up to allow some of the streaming media packages to establish a connection, but they (Norton) quite correctly assumed that mechanisms like ping and SMB over tcp/ip would not be required by 99% of the users. This leaves you in the position of the minority, not comfortable. The options are twofold, either you conform to the majority and behave yourself as they would like you to, or you put up with a less than optimal setup for the sake of being an individual. Are you sheep or tiger? Before I get abuse from the sheep-lovers of this world, there is nothing wrong with being a sheep, sheep have a major part to play in this world. Without sheep we would not have Lancashire hot-pot or even lamb chops. We would all be wearing these so-called "fleece" jackets/gillets etc. Getting back to the serious matter, does your router permit incoming connecttions to be routed to boxes on your local net? The point is that your local net may not be reachable from the internet without your explicit intervention. I use a Cisco box to handle my internet connection and without my setting up a route, any attempt to open a port from the internet is blocked. The Cisco box permits me to set up a tunnel for port connections from the internet to a specified host on my local network. If you are behind a address translation firewall it _should_ be impossible for crackers on the internet to gain access to hosts on your local network. If this is the case then your Norton firewalls are rather redundant. Peter