SuSEfirewall2 Anti SPOOFING
Guys, I've got myself a little confused over some issues I'm having on this and despite reading Togan's primer don't seem to be winning.

ADSL router -10.10.99.1
|
DHCP , DNS
|
eth1 10.10.99.5
|
ssh
|
eth0 10.10.200.254
|
squid, squidguard, internal http
|
rest of Lan

SuSEfirewall2

FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS domain"

Logs

I get the following when the firewall has been started and the browsers hang - squid trying for dns resolution I suspect

Feb 24 17:57:37 localhost kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth1 OUT= MAC=00:80:ad:8e:f9:64:00:d0:41:0e:92:1f:08:00 SRC=10.10.99.1 DST=10.10.99.5 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=51956 PROTO=UDP SPT=53 DPT=1052 LEN=128

Squid is set up to use the nameserver from resolv.conf as 10.10.99.1 as provided by dhcp.

Does this indicate I should provide a local dns rather than pass through the firewall?

Cheers, all help warmly appreciated.

--
Stephen Prendergast
SP Software Ltd
07 570 1452
021 466 247
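The dropped packet quoted in the post above, broken into its netfilter fields and grouped by source (an added example, not part of the original post). The function names are hypothetical, and the second and third sample log lines are constructed for contrast; only the first line comes from the post.

```python
import re
from collections import Counter

# First line is the log entry quoted in the post; the other two are constructed for contrast.
SAMPLE_LOG = """\
Feb 24 17:57:37 localhost kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth1 OUT= MAC=00:80:ad:8e:f9:64:00:d0:41:0e:92:1f:08:00 SRC=10.10.99.1 DST=10.10.99.5 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=51956 PROTO=UDP SPT=53 DPT=1052 LEN=128
Feb 24 17:57:42 localhost kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth1 OUT= SRC=10.10.99.1 DST=10.10.99.5 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=51957 PROTO=UDP SPT=53 DPT=1053 LEN=128
Feb 24 17:58:01 localhost kernel: SuSE-FW-DROP-ANTI-SPOOF IN=eth1 OUT= SRC=10.10.99.7 DST=10.10.99.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1200 PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 SYN
"""

# Syslog header, then the SuSEfirewall2 log prefix, then netfilter KEY=VALUE fields.
LINE_RE = re.compile(r"kernel: (?P<prefix>SuSE-FW-[A-Z-]+) (?P<fields>.*)$")

def parse_line(line):
    """Return the fields of one firewall log line as a dict, or None if it is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = {"prefix": m.group("prefix"), "flags": []}
    for tok in m.group("fields").split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(tok)   # bare TCP flags such as SYN
        elif key not in rec:
            rec[key] = val             # first LEN is the IP length; a later LEN is the UDP length
    return rec

def is_dns_reply(rec):
    """UDP sent from port 53, i.e. traffic coming back from a DNS server."""
    return rec.get("PROTO") == "UDP" and rec.get("SPT") == "53"

def summarize(log_text):
    """Count drops per (prefix, inbound interface, source address, kind)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            kind = "dns-reply" if is_dns_reply(rec) else "other"
            counts[(rec["prefix"], rec.get("IN"), rec.get("SRC"), kind)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```

Run against the real /var/log/messages, the same grouping shows whether every anti-spoof drop on eth1 is a UDP port 53 packet from 10.10.99.1 or whether other sources are involved.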