a good firewall starts with all ports closed and only opens the very minimal set needed. sounds like just 80 (web/http) and possibly 443 (https) are open. depending on what version of the linux kernel the firewall is running, you'll need to add ipchains (2.2.x kernels) or iptables (2.4.x kernels) rules to allow the other ports necessary. check here for the complete port listings:

http://www.iana.org/assignments/port-numbers

ping inbound and/or outbound can be disabled via firewall rules. I wouldn't worry about this unless you deem it *really* important to ping outside sites.

Marty Olson wrote:
> it's a linux firewall. we can get out to internet (browsing) and use
> squirrel mail OK, but can't get POP3 mail or streaming video / audio or IM
> and cannot ping www.yahoo.com but can reach it. are these certain ports
> that are closed?

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
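
As an added example (not part of the original message), this shell script prints, without applying, default-deny iptables FORWARD rules for the 2.4.x case described in the reply. The interface names, the service list (web, POP3 on tcp/110, DNS on udp/53) and the `ALLOW_PING` switch are assumptions; streaming and IM ports would be added to `SERVICES` from the IANA list.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for a forwarding
# firewall that drops everything except an explicit list of services.
# Interface names and the service list below are assumptions.
LAN_IF="${LAN_IF:-eth1}"      # assumed inside (LAN) interface
WAN_IF="${WAN_IF:-eth0}"      # assumed outside (internet) interface
SERVICES="${SERVICES:-tcp/80 tcp/443 tcp/110 udp/53}"  # http, https, pop3, dns
ALLOW_PING="${ALLOW_PING:-no}"  # "yes" lets LAN hosts ping outside sites

# Accept only a plain decimal port in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {
    # Start closed: anything not matched below is dropped.
    echo "iptables -P FORWARD DROP"
    # Let replies to connections we allowed out come back in.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for svc in $SERVICES; do
        proto=${svc%%/*}
        port=${svc#*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "skipping malformed entry: $svc" >&2; continue ;;
        esac
        if ! valid_port "$port"; then
            echo "skipping invalid port: $svc" >&2
            continue
        fi
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    # Outbound ping only; unsolicited inbound echo requests stay dropped.
    if [ "$ALLOW_PING" = "yes" ]; then
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p icmp --icmp-type echo-request -j ACCEPT"
    fi
}

gen_rules
```

Review the printed rules against the firewall's existing ruleset before running any of them as root.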