I was just telling you how we have our ZeroShell boxes set up. In the balance rules we have all port 80 and 443 traffic from the client’s LAN go out the cable connection then we have all of the server’s traffic going out my company’s WAN connection (either T1 or DSL) because we provide Static One-to-One NAT translations for the client’s servers. This is set up for all clients. This particular client is not hosting a website so we don’t have port 80 traffic directed towards it from our WAN connection. We suspect a hacker came in through the Cable connection but while troubleshooting we noticed that when we put in \ we get prompted to accept a certificate then we get prompted for a username and password. The Virtual Server portion of the ZeroShell only forwards TCP/5900 to the client’s server over the cable connection to allow my company to access the client’s server through VNC only in the event that one of our WAN lines (T1 or DSL) go down. if the T1 or DSL connection is up, we are not able to access the server through VNC over the cable connection. I hope that clears up any confusion and thanks for your time.