HI, I have a dmz firewall setup that connects 2 private networks with the public Internet (net1 and net2). I don't seem to be able to get my configuration to the point where a machine in net1 can connect to another machine in net1 trough its public IP address. Example: dmz router: 10.1.1.1 mail server: 10.1.1.20 http server: 10.1.1.30 I would like to enable the http server to to go to the mail server through the public IP address of the mail server rather than being limited to going straight to 10.1.1.20. All machines have 10.1.1.1 as their default gateway and NAT for mail connections from the outside works. I don't see any packets being dropped on the firewall since I allowed port 25 connections from the inside of the firewall as well. What am I missing here? Thanks, Ferdinand -- Ferdinand Schmid Architectural Energy Corporation Celebrating 20 Years of Improving Building Energy Performance http://www.archenergy.com