Craig,

My last message was incorrect. Don't ask my how or why I thought all
was well (to keep my embarressment at a minimum), but it isn't. After
a server reboot, I found that my original problem persists. The only
internet access I have with the filters on is through the proxy
services configured in BorderManager. Here are the contents of the
filters.cfg file (xxx.xxx.xxx.xxx = public IP address; yyy.yyy.yyy.yyy
= private IP address):

# FILE: FILTERS.CFG
#
# Filter Database. This file is maintained by the Filter Services NLM.

# *** IMPORTANT ***
# TAMPERING WITH THIS FILE MAY CAUSE SEVERE MALFUNCTIONING OF THE
SYSTEM.
#-------------------------------------------------------------------------


VERSION 1.3

GLOBAL-IP-LOG DISABLED
GLOBAL-IPX-LOG DISABLED

IP-NOT-MATCHING-FLT-EXCEPTION-LIST-LOG DISABLED
IPX-NOT-MATCHING-FLT-EXCEPTION-LIST-LOG DISABLED

# Protocol-level Service Definitions. Each entry specifies a protocol,

# a service type, and the corresponding protocol-specific value.
Built-in
# services are defined in the file BUILTIN.CFG. Syntax:
#
# PROTOCOL-SERVICE <protocol>, <service type>, <value>, [<Comment>]


PROTOCOL-SERVICE IP, ICMP2, pid=ICMP stfilt=1,
PROTOCOL-SERVICE IP, WinMediaPlayer, pid=TCP port=1755
srcport=1024-65535 ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, MSN-Messenger, pid=TCP port=183
srcport=1024-65535 ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, IMAP, pid=TCP port=143 srcport=1024-65535
ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, GWRemote, pid=TCP port=1677 srcport=1024-65535
ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, VPTUNNEL2, pid=UDP port=2010 srcport=1024-65535
stfilt=1,
PROTOCOL-SERVICE IP, VPN-AuthGW2, pid=TCP port=353 srcport=1024-65535
ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, VPN-KeepAlive2, pid=UDP port=353 srcport=353
stfilt=1,
PROTOCOL-SERVICE IP, CLNTRUST, pid=TCP port=524 srcport=1024-65535
ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, E-Mail Outbound, pid=TCP port=1024-65535
srcport=25 ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, E-Mail Inbound, pid=TCP port=25
srcport=1024-65535 ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, SMTP Mail-Out, pid=TCP port=25 srcport=1024-65535
ackfilt=0 stfilt=1,
PROTOCOL-SERVICE IP, SMTP Mail-In, pid=TCP port=1024-65535 srcport=25
ackfilt=0 stfilt=1,

PACKET-FILTER-LIST IP, DISABLED, DENY
FILTER ENABLED NOLOG, INTRFACE:<Any>, IP:pid=IP, INTRFACE:DSL,
Added by BRDCFG to block all IP packets.
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=TCP port=110
srcport=<All> ackfilt=0 stfilt=1, INTRFACE:DSL, Allow Outbound Pop3
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=ICMP stfilt=1,
INTRFACE:DSL,
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=TCP port=1755
srcport=1024-65535 ackfilt=0 stfilt=1, INTRFACE:DSL, Allow Outbound
Media Player
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=TCP port=183
srcport=1024-65535 ackfilt=0 stfilt=1, INTRFACE:DSL, Allow Outbound
MSN
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=TCP port=143
srcport=1024-65535 ackfilt=0 stfilt=1, INTRFACE:DSL, Allow Outbound
IMAP
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=TCP port=1677
srcport=1024-65535 ackfilt=0 stfilt=1, INTRFACE:DSL,
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=UDP port=2010
srcport=1024-65535 stfilt=1, INTRFACE:DSL,
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=TCP port=353
srcport=1024-65535 ackfilt=0 stfilt=1, INTRFACE:DSL,
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=UDP port=353
srcport=353 stfilt=1, INTRFACE:DSL,
EXCLUDE ENABLED NOLOG, INTRFACE:CE100B_1, IP:pid=TCP port=524
srcport=1024-65535 ackfilt=0 stfilt=1, INTRFACE:DSL
IP:xxx.xxx.xxx.xxx, CLNTRUST Exception
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:yyy.yyy.yyy.yyy,
IP:pid=TCP port=1024-65535 srcport=25 ackfilt=0 stfilt=1,
INTRFACE:DSL, GWIA E-Mail Outbound
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=TCP port=25
srcport=1024-65535 ackfilt=0 stfilt=1, INTRFACE:<Any>
IP:yyy.yyy.yyy.yyy, GWIA E-Mail Inbound
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=57, INTRFACE:<Any>
IP:xxx.xxx.xxx.xxx, Added by BRDCFG to alloc SKIP Protocol for VPN.
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=UDP port=353
srcport=<All>, INTRFACE:<Any> IP:xxx.xxx.xxx.xxx, Added by BRDCFG to
allow VPN Client Keep-Alive & Disconnect.
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=UDP port=1024-65535
srcport=<All>, INTRFACE:<Any> IP:xxx.xxx.xxx.xxx, Added by BRDCFG to
allow incoming traffic through dynamic ports.
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=TCP port=443
srcport=<All>, INTRFACE:<Any> IP:xxx.xxx.xxx.xxx, Added by BRDCFG to
allow accelerator authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=TCP port=353
srcport=<All>, INTRFACE:<Any> IP:xxx.xxx.xxx.xxx, Added by BRDCFG to
allow VPN Client Authentication.
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=TCP port=80
srcport=<All>, INTRFACE:<Any> IP:xxx.xxx.xxx.xxx, Added by BRDCFG to
allow default Web Proxy Cache port.
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=TCP port=213
srcport=<All>, INTRFACE:<Any> IP:xxx.xxx.xxx.xxx, Added by BRDCFG to
allow VPN Master/Slave communication port.
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=TCP port=1024-65535
srcport=<All>, INTRFACE:<Any> IP:xxx.xxx.xxx.xxx, Added by BRDCFG to
allow incoming traffic through dynamic ports.
FILTER ENABLED NOLOG, INTRFACE:DSL, IP:pid=IP, INTRFACE:<Any>,
Added by BRDCFG to block all IP packets.
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:yyy.yyy.yyy.yyy,
IP:pid=TCP port=25 srcport=1024-65535 ackfilt=0 stfilt=1,
INTRFACE:DSL, GWIA SMTP Mail-out
EXCLUDE ENABLED NOLOG, INTRFACE:DSL, IP:pid=TCP port=1024-65535
srcport=25 ackfilt=0 stfilt=1, INTRFACE:<Any> IP:192.198.0.1, GWIA
SMTP Mail-In
EXCLUDE ENABLED NOLOG, INTRFACE:<Any> IP:xxx.xxx.xxx.xxx,
IP:pid=IP, INTRFACE:DSL, Added by BRDCFG to allow all outgoing IP
packets.

PACKET-FILTER-LIST IPX, ENABLED, DENY
FILTER ENABLED NOLOG, INTRFACE:<Any>, IPX:pkt_type=FF socket=FFFF
srcsocket=FFFF, INTRFACE:DSL, Added by BCAPI to block all IPX packets.

FILTER ENABLED NOLOG, INTRFACE:DSL, IPX:pkt_type=FF socket=FFFF
srcsocket=FFFF, INTRFACE:<Any>, Added by BCAPI to block all IPX
packets.

SERVICE-FILTER-LIST ADVERTISE, APPLETLK, DISABLED, DENY

SERVICE-FILTER-LIST ADVERTISE, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPXSAP:FFFF, *, GROUP:<ANY>, INTRFACE:DSL,
Added by BCAPI to block all IPX SAP traffic.

SERVICE-FILTER-LIST ACCEPT, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPXSAP:FFFF, *, GROUP:<ANY>, INTRFACE:DSL,
Added by BCAPI to block all IPX SAP traffic.

ROUTE-FILTER-LIST ADVERTISE, APPLETLK, DISABLED, DENY

ROUTE-FILTER-LIST ACCEPT, APPLETLK, DISABLED, DENY

ROUTE-FILTER-LIST ADVERTISE, OSPF, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, GROUP:<ANY>, m=, Added by BCAPI
to block all IP OSPF traffic.

ROUTE-FILTER-LIST ADVERTISE, EGP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:DSL, m=, Added by
BCAPI to block all IP EGP traffic.

ROUTE-FILTER-LIST ACCEPT, EGP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:DSL, m=, Added by
BCAPI to block all IP EGP traffic.

ROUTE-FILTER-LIST ADVERTISE, IP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:DSL, m=, Added by
BCAPI to block all IP RIP traffic.

ROUTE-FILTER-LIST ACCEPT, IP, ENABLED, DENY
FILTER ENABLED NOLOG, GROUP:<ANY>, INTRFACE:DSL, m=, Added by
BCAPI to block all IP RIP traffic.

ROUTE-FILTER-LIST ADVERTISE, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPX:00000000/00000000, INTRFACE:DSL, <none>,
Added by BCAPI to block all IPX RIP traffic.

ROUTE-FILTER-LIST ACCEPT, IPX, ENABLED, DENY
FILTER ENABLED NOLOG, IPX:00000000/00000000, INTRFACE:DSL, <none>,
Added by BCAPI to block all IPX RIP traffic.


I hope this reveals what I have wrong in the filtering.

Thanks,

Brian