I thought I had solved the problem of Samba access within my LAN by setting FW_TRUSTED_NETS to 192.168.0.0/24. I don't know now why that seemed to be the case, but right now I have FW_TRUSTED_NETS set to that value and Samba access is being blocked (the other machine shows a request for username/password that can't be satisfied). Turning off the firewall makes Samba work again on the far end. The documentation does not make clear what services are provided to the FW_TRUSTED_NETS machines if you just list an IP address or range of IP addresses with none of the optional parameters -- do you get all services (like an unmodified external zone) or none of the services (like the internal zone)? I'd like to see an authoritative answer to that question. An ad hoc solution is to set FW_TRUSTED_NETS to: 192.168.0.0/24,tcp,139 192.168.0.0/24,udp,187 192.168.0.0/24,udp,138 which solves the Samba problem but not any other problem pertaining to local-net access. The effect I want is to enable all services for a specified range of IP addresses. Paul