The huge hole Jim is referring to are the following ports. You'll need to configure server publishing and create virtual/secondary IP address on your external NIC. UDP 137 inbound UDP 138 inbound TCP 139 inbound with secondary TCP 1023+ outbound Unlesss you have a WINS server in the DMZ and is successfully replicating inwards, not a good idea and is another issue entirely in its own, modify the LMHOSTS file on the pc's in the DMZ. Point to the virtual NAT IP and not the "true" IP of the DC inside. HTH, Doug