Hi, I currently have one tri-homed ISA, a LAN and one machine I need on a DMZ as a web server (port 8080 though). I have 5 static usable IPs (2 illegal, 1 for the DSL router) so on a x.x.x.x/29 network. After reading some of the microsofts docs about it, I'm a little confused. Currently my LAN has full access to the DMZ on 8080, but the internet does not. Under packet filters, I have one for TCP Inbound on 8080, destination set is the DMZ computer and applies to all requests. There's also a rule for http, https and ftp download which allows any request. There's also another for http and https which allows from the dmz computer. My DMZ computer can access the DNS server (also the firewall) and recieve a valid response, but cannot use the browser. The prob I'm confused about is having the DMZ on a separate network by subneting my public IPs. imagine x.x.x.88/29 as the network and mask my provider has given me. My router is at x.x.x.89/29 and my firewall's external interface at x.x.x.90/29 - What I have done (not sure if it's right) is use the DMZ interface on the firewall as x.x.x.93/30 and the dmz computer as x.x.x.94/30. There is a DNS entry for the DMZ computer, and if I allow ping, it seems to work, so why the blo*dy hell can't I see the web server? Any help will be greeted with absolute delight! Pete