Note, this is based on the work of Chris Stumpf, and is the complete original email.

=================================

>Thanks for any info you can provide!

Here's what Chris said in the in-joy list (I have no clue what he's saying):

Well, after months of trying to get access to a computer running DTOC v4 behind an InJoy Firewall, I finally have achieved success thanks to a couple of chat sessions with Bjarne. This message is to share the rules necessary so that others don't have to struggle as I did.

First I need to explain what the rule accomplishes. Basically it takes all HTTP requests and the 8 other ports that DTOC v4 uses and redirects them from the external IP address to a private internal address. This rule will only give access to a single machine.

If you need to access multiple machines, you have a few options. First, you could acquire additional Internet IPs, which is expensive and not a good use for them. Second, you could simply DTOC into the one PC you have access to and then start a web browser on it and DTOC into another computer. I call this the daisychain method. This is simple and effective, but is painfully slow with a dialup connection. The third option is to use an IPSec VPN connection to gain direct access to the entire LAN.

Having said all that, here are the rules I came up with and instructions on how to modify them to suit your network. All you will need to do is copy and paste the section below into your FIRERULE.CNF file that is in the \firewall directory and then change the "x" in all the IPs to match the IP of the PC that you want to be able to access.

A word of warning: DO NOT use this rule without enabling the username and password access controls in DTOC, as anyone that hits your Internet IP with a web browser would gain access to your computer. I also recommend that you enable SSL encryption.

That's all there is to it. I hope everyone enjoys the work I have done. And I just want to thank Bjarne one last time.

#-----------------------------------------------------------------------------
#
# DTOC behind a firewall
# must map the following port ranges
# http - usually port 80, but can be changed in properties
# 25345-25352
#
PORTMAP-WWW-IN
  Rule-Status = Enabled,
  Comment = "Running A WEB Server on an internal server - IN",
  Source = "any",
  Destination = "current",
  Service = WWW,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.x.x",

PORTMAP-WWW-OUT
  Rule-Status = Enabled,
  Comment = "Running A WEB Server on an internal server -OUT",
  Source = "192.168.x.x",
  Destination = "any",
  Source-Port = WWW,
  Rule-Action = Portmap,

PORTMAP-DTOCDATA-IN
  Rule-Status = Enabled,
  Comment = "Map incoming 25345 requests to DTOC",
  Source = "any",
  Destination = "current",
  Service = 25345,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.x.x",

PORTMAP-DTOCDATA-OUT
  Rule-Status = Enabled,
  Comment = "Map outgoing DTOC:25345 pkts to current",
  Destination = "any",
  Source = "192.168.x.x",
  Source-Port = 25345,
  Rule-Action = Portmap,

PORTMAP-DTOCDATA-IN-2
  Rule-Status = Enabled,
  Comment = "Map incoming 25346 requests to DTOC",
  Source = "any",
  Destination = "current",
  Service = 25346,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.x.x",

PORTMAP-DTOCDATA-OUT-2
  Rule-Status = Enabled,
  Comment = "Map outgoing DTOC:25346 pkts to current",
  Destination = "any",
  Source = "192.168.x.x",
  Source-Port = 25346,
  Rule-Action = Portmap,

PORTMAP-DTOCDATA-IN-3
  Rule-Status = Enabled,
  Comment = "Map incoming 25347 requests to DTOC",
  Source = "any",
  Destination = "current",
  Service = 25347,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.x.x",

PORTMAP-DTOCDATA-OUT-3
  Rule-Status = Enabled,
  Comment = "Map outgoing DTOC:25347 pkts to current",
  Destination = "any",
  Source = "192.168.x.x",
  Source-Port = 25347,
  Rule-Action = Portmap,

# 25348 inbound: this rule is absent from the set as posted; it follows the
# pattern of the other seven ports in the 25345-25352 range named above.
PORTMAP-DTOCDATA-IN-4
  Rule-Status = Enabled,
  Comment = "Map incoming 25348 requests to DTOC",
  Source = "any",
  Destination = "current",
  Service = 25348,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.x.x",

PORTMAP-DTOCDATA-OUT-4
  Rule-Status = Enabled,
  Comment = "Map outgoing DTOC:25348 pkts to current",
  Destination = "any",
  Source = "192.168.x.x",
  Source-Port = 25348,
  Rule-Action = Portmap,

PORTMAP-DTOCDATA-IN-5
  Rule-Status = Enabled,
  Comment = "Map incoming 25349 requests to DTOC",
  Source = "any",
  Destination = "current",
  Service = 25349,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.x.x",

PORTMAP-DTOCDATA-OUT-5
  Rule-Status = Enabled,
  Comment = "Map outgoing DTOC:25349 pkts to current",
  Destination = "any",
  Source = "192.168.x.x",
  Source-Port = 25349,
  Rule-Action = Portmap,

PORTMAP-DTOCDATA-IN-6
  Rule-Status = Enabled,
  Comment = "Map incoming 25350 requests to DTOC",
  Source = "any",
  Destination = "current",
  Service = 25350,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.x.x",

PORTMAP-DTOCDATA-OUT-6
  Rule-Status = Enabled,
  Comment = "Map outgoing DTOC:25350 pkts to current",
  Destination = "any",
  Source = "192.168.x.x",
  Source-Port = 25350,
  Rule-Action = Portmap,

PORTMAP-DTOCDATA-IN-7
  Rule-Status = Enabled,
  Comment = "Map incoming 25351 requests to DTOC",
  Source = "any",
  Destination = "current",
  Service = 25351,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.x.x",

PORTMAP-DTOCDATA-OUT-7
  Rule-Status = Enabled,
  Comment = "Map outgoing DTOC:25351 pkts to current",
  Destination = "any",
  Source = "192.168.x.x",
  Source-Port = 25351,
  Rule-Action = Portmap,

PORTMAP-DTOCDATA-IN-8
  Rule-Status = Enabled,
  Comment = "Map incoming 25352 requests to DTOC",
  Source = "any",
  Destination = "current",
  Service = 25352,
  Rule-Action = Portmap,
  Mapping-Dest-IP = "192.168.x.x",

PORTMAP-DTOCDATA-OUT-8
  Rule-Status = Enabled,
  Comment = "Map outgoing DTOC:25352 pkts to current",
  Destination = "any",
  Source = "192.168.x.x",
  Source-Port = 25352,
  Rule-Action = Portmap,

Chris Stumpf
IBM Certified Systems Expert - OS/2 Warp 4
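
An added example, not part of Chris's email or of the InJoy product: a Python script that generates the rule pairs for one internal address and audits a rule file for any service (WWW or 25345-25352) that lacks an inbound or outbound mapping, or whose rules still carry the 192.168.x.x placeholder. The parser assumes only the name-then-attributes layout used in the rules above; the function names and the address 192.168.1.50 are constructed for illustration.

```python
import re

DTOC_PORTS = range(25345, 25353)  # 25345-25352, from the rule header above

def generate(ip):
    """Build the IN/OUT Portmap pair for WWW and each DTOC port, in the page's layout."""
    blocks = []
    for n, svc in enumerate(["WWW", *DTOC_PORTS]):
        tag = "WWW" if svc == "WWW" else "DTOCDATA"
        suffix = "" if n < 2 else f"-{n}"          # IN, IN-2 ... IN-8 as on the page
        blocks.append(f'PORTMAP-{tag}-IN{suffix}\n  Rule-Status = Enabled,\n'
                      f'  Source = "any",\n  Destination = "current",\n'
                      f'  Service = {svc},\n  Rule-Action = Portmap,\n'
                      f'  Mapping-Dest-IP = "{ip}",\n')
        blocks.append(f'PORTMAP-{tag}-OUT{suffix}\n  Rule-Status = Enabled,\n'
                      f'  Source = "{ip}",\n  Destination = "any",\n'
                      f'  Source-Port = {svc},\n  Rule-Action = Portmap,\n')
    return "\n".join(blocks)

def parse(text):
    """Return {rule name: {attribute: value}}; handles only the layout shown on this page."""
    rules, name = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        attr = re.fullmatch(r'([\w-]+)\s*=\s*"?([^"]*?)"?,?', line)
        if attr and name:
            rules[name][attr.group(1)] = attr.group(2)
        else:
            name = line                             # a bare token starts a new rule
            rules[name] = {}
    return rules

def audit(text):
    """Report services left unmapped and rules that disagree about the internal host."""
    rules = parse(text).values()
    inbound = {r["Service"]: r.get("Mapping-Dest-IP") for r in rules if "Service" in r}
    outbound = {r["Source-Port"]: r.get("Source") for r in rules if "Source-Port" in r}
    problems = [f"{svc}: no {side} mapping"
                for svc in ["WWW", *map(str, DTOC_PORTS)]
                for side, seen in (("inbound", inbound), ("outbound", outbound))
                if svc not in seen]
    hosts = {h for h in [*inbound.values(), *outbound.values()] if h}
    if len(hosts) > 1 or any("x" in h for h in hosts):
        problems.append(f"internal host not set consistently: {sorted(hosts)}")
    return problems

if __name__ == "__main__":
    print(audit(generate("192.168.1.50")))  # constructed address; a clean set has no findings
```

Running audit() over the text of a FIRERULE.CNF section before loading it shows at a glance whether every DTOC port is forwarded in both directions and to the same machine.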