Hi I have an Alcatel 'frog' USB ADSL modem running off a SuSE linux box configured as a firewall. This machine has 2 network cards. One card is connected directly to a second linux box using a crossover cable, this section being designated as the DMZ. The second linux box runs Apache and MySQL. The other card is connected to an 8 way hub permitting my household network to access the world via the firewall. The gateway (firewall) machine additionally runs Squid http proxy but all the internal user machines are in fact masqueraded onto the Internet. The web server is reverse masqueraded onto the internet, this permits the redirection of incoming http requests (since my ISP blocks port 80) from the port to which they are directed by my dynamic IP address service. Both the linux boxes run without monitors and I administer them remotely using Putty and ssh from one of my user machines. All the user machines run Win XP and communicate with each other using their native peer-to-peer facilities, there being no domain, although Bind is running on the gateway to provide local DNS resolution. When my current contract expires I will move to another provider and obtain a static IP address, at which point I will introduce a domain server. You may wonder why I need all this stuff in my home. So do I. All I can say is: insanity is hereditary, you get it from your kids. I need to access the SQL server from one of my user machines using Microsoft Access, but I cannot figure out how to persuade SuSEfirewall2 to permit this. I know I have a problem with MySQL as the connection still fails when the firewall is turned off, but I can tell from the error logging that communication is not passing the firewall when it is turned on. I can probably figure out the MySQL problem once I can communicate with the machine, but obviously I don't want to leave the firewall turned off. MySQL uses a port in the 3000 range, and I have turned on the 'allow high ports' option in the firewall, but this makes no difference. Can anybody help? Any other comments on the arrangement and security of my system would be appreciated. Fred