for those of you with OpenBSD firewalls, this tool: http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8 looks like it does something similar to what I'm told NoCatAuth does. basically, you ssh to the gateway, log in to an account with this as your shell (or, I presume you could start this after logging in), and as long as you stay logged in, it sets up packet-filter rules specific to you. not as simple for the user as NoCatAuth, but possibly more flexible? (dunno, I've never researched NoCatAuth). in any case, it's a system builtin, rather than an add-on package, so that offers some advantages. going to have to experiment with this when I set up my new firewall. Carl Soderstrom. -- Network Engineer Real-Time Enterprises www.real-time.com