Hello all, Is it possible to allow masquerading of internal IP addresses to only a single destination address? I have found information on allowing only certain ports/services, but nothing to allow for a particular destination IP address. I am configuring SuSEFirewall on version 7.1Pro. I am trying to allow one machine on my internal network access to a corporate Citrix server via the Internet. The following will work, but I think it will open up more than I need. Does this really threaten the security of my network? All help is greatly appreciated. FW_MASQ_NETS="192.168.1.200/32,tcp,1024:65535" ~Dale P.S. When changing firewall settings, which script do I run to reload the firewall, the "INIT", "SETUP", or "FINAL" script? (Or all three?) ________________________________ Dale Schuster MIS Manager Lake Tahoe Horizon Casino Resort dschuster@horizoncasino.com