ISA blocks inbound ICMP by default (ping floods are a really basic DoS technique). Besides, ICMP doesn't guarantee traffic flow for other protocols.. Create packet filters for DNS / SMTP traffic between the 62.231.68.<ip> and the linux host. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: Radu Cruceana To: [ISAserver.org Discussion List] Sent: Saturday, June 15, 2002 9:47 AM Subject: [isalist] Please help http://www.ISAserver.org Hi, Please help a desperate man. I have the following configuration: Internet -> 62.231.68.x/24 --ISA--192.168.0.0/24 -> Internal LAN | 212.93.159.61/30 (Isa Interface to DMZ) | | | 212.93.159.62/30 (Linux mail Server on DMZ) So, From Internet I have ping on Linux Server but I don't have on ISA interface to DMZ. Routing is enabled and packet filters are specified with subnet for DMZ so it should include the 212.93.159.61. If I disable the interface to Internet and the interface to dmz and reenable them everything it's working ok. After that, if I restart the firewall service or if I reboot the machine bye bye ping on 212.93.159.61 from Internet. Also if I stop the firewall service I have ping on 212.93.159.61. This interface is crucial because I have to publish on it a dns server and a mail server. I've also try put specific packet filters for it but no result. I don't know what to do anymore (except to hang myself). Thx a lot in advance. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')