Ok, I am sure that everyone is sick of my firewall questions, but hear me one last time. I have winblows workstations on the public LAN having private non-routable IP addresses (192.168.0.0) they sit behing a Linux IPCHAINS IPMASQADN firewall that has one private NIC and one public NIC. on the other side of the firewall lies the DMZ where web, mail, DNS, etc servers lay. And of course the have public routable class C IP's. Now, they cranky and not so security minded users who have more pull than the poor network admin anyway I have two options (I think). Put a public NIC in each of the DMZ machines. My only fear is that someone gets in and hacks the routing tables and viola! welcome to my network. I can also allow nbsession (137/9) through the firewall. Allowing only the local workstations to map drives in the DMZ. I would lose NT domain architecture but who cares. I am just stumped on how to achieve the latter solution. Anyone have experience in this? A sample script perhaps? Thanks in advance and I hope this is my last firewall post. A forever indebted newbie - Joel